A streamlined tool for discovering TLDs, associated domains, and related domain names.

Command-line XML and HTML beautifier and content extractor

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container …

An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.

Filter and enrich a list of subdomains by level

A tool to perform Sequential Import Chaining

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

🔗 A curated list of awesome Caido related projects

EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

The Most Advanced Client-Side Prototype Pollution Scanner

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…

Gather results of dorks across a number of search engines

GQLSpection - parses GraphQL introspection schema and generates possible queries

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

Fuzz anything with Program Environment Fuzzing

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

Search for sensitive data in Postman public library.

WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a python function that leaks a file content and you have your…

SSRF (Server Side Request Forgery) testing resources

An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability

A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.

A utility to detect various technology for a given IP address.

Nuclei AI - Browser Extension for Rapid Nuclei Template Generation

ECMAScript/JavaScript engine in pure Go

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.