appsec.fyi

A somewhat curated list of links to various topics in application security.

Recon

LinkExcerpt
ArjunArjun Introduction Web applications use parameters (or queries) to accept user input, take the following example into consideration http://api.example.
XCTR Hacking Tools - All in one for Information GatheringInitially, you need to create a project where you will save everything. All of the collected information is saved as "project-name" in the results directory.
SimplySecurity/SimplyEmailWhat is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework.
Ekultek/Zeus-ScannerNOTE: due to dumbass people, automatic issue creation has been turned off until further notice Helpful links directory Zeus-Scanner What is Zeus? Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple.
s0md3v/StrikerStriker is an offensive information and vulnerability scanner. Want to see what else it can do? Try it yourself.
leebaird/discoverFor use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites, and recon-ng.
Awesome Asset DiscoveryAsset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets has also evolved.
BishopFox/GitGotGitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results.
ReconDogRecon Dog will run on anything that has a python interpreter installed. However, it has been tested on the following configurations: Recon Dog requires no manual configuration and can be simply run as a normal python script.
m0rtem/CloudFailCloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.