Port scanning is crucial in recon, but running it manually on big scopes? Nope. That’s why I made Nmap Bomber a Python script that runs fast and furious parallel nmap scans on your subdomains.

PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).

Activation Context Hijack

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Active Directory Integrated DNS dumping by any authenticated user

Web vulnerability scanner written in Python3

Testing TLS/SSL encryption anywhere on any port

An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.

AFROG- A tool for finding vulnerabilities

Parse source code directories and output list of URLs that are then sent through a proxy.

Fast web fuzzer written in Go

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

A fast, simple, recursive content discovery tool written in Rust.

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

A Workflow Engine for Offensive Security

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Web Fuzzer

A collaborative, multi-platform, red teaming framework

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

E-mails, subdomains and names Harvester - OSINT

BBT - Bug Bounty Tools

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

A rust library that allows you to delete your executable while it's running.