A somewhat curated list of links to various topics in application security.


LinkExcerptWord Count
ArjunArjun What's Arjun? Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along. Web applications use parameters (or queries) to accept user input, take the following example into consideration http://api.example.263
XCTR Hacking Tools - All in one for Information GatheringInitially, you need to create a project where you will save everything. All of the collected information is saved as "project-name" in the results directory.267
Email recon made fast and easy, with a framework to build onSimplyEmail was built arround the concept that tools should do somthing, and do that somthing well, hence 'Simply'. Full documentation can be found at:105
Helpful links directoryHelpful links directory Translations What is Zeus Zeus's features Requirements and installation Ubuntu/Debian centOS Backbox other Screenshots Demo video User manual How Zeus works Functionality Passing sqlmap flags with Zeus Legal information License (GPL) Code of conduct Report a bug Open a pul1191
StrikerStriker 2.0 is still in prototype phase, which means it's not intended to be used by regular users. It has been made public for contrbutions to make the development faster.Usage: python3 example.com186 bash scripts used to automate various penetration testing tasks including recon, scanning, parsing and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework (PTF).598
Awesome Asset DiscoveryAsset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets has also evolved.1100
BishopFox/GitGotGitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results.610
ReconDogRecon Dog will run on anything that has a python interpreter installed. However, it has been tested on the following configurations: Recon Dog requires no manual configuration and can be simply run as a normal python script.398
CloudFailCloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.308