appsec.fyi

A somewhat curated list of links to various topics in application security.

Recon

LinkExcerpt
ArjunArjun What's Arjun? Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along. Web applications use parameters (or queries) to accept user input, take the following example into consideration http://api.example.
XCTR Hacking Tools - All in one for Information GatheringInitially, you need to create a project where you will save everything. All of the collected information is saved as "project-name" in the results directory.
Email recon made fast and easy, with a framework to build onSimplyEmail was built arround the concept that tools should do somthing, and do that somthing well, hence 'Simply'. Full documentation can be found at:
Helpful links directoryHelpful links directory Translations What is Zeus Zeus's features Requirements and installation Ubuntu/Debian centOS Backbox other Screenshots Demo video User manual How Zeus works Functionality Passing sqlmap flags with Zeus Legal information License (GPL) Code of conduct Report a bug Open a pul
StrikerStriker 2.0 is still in prototype phase, which means it's not intended to be used by regular users. It has been made public for contrbutions to make the development faster.Usage: python3 striker.py example.com
https://github.com/leebaird/discoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework (PTF).
Awesome Asset DiscoveryAsset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets has also evolved.
BishopFox/GitGotGitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results.
ReconDogRecon Dog will run on anything that has a python interpreter installed. However, it has been tested on the following configurations: Recon Dog requires no manual configuration and can be simply run as a normal python script.
m0rtem/CloudFailCloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.