An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Collection of scripts that I use while bug hunting

PowerTools is a collection of PowerShell projects with a focus on offensive operations.

Prevents you from committing secrets and credentials into git repositories

🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Scanning APK file for URIs, endpoints & secrets.

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Cobalt Strike UDRL for memory scanner evasion.

Directory scans

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

The motive to build this repo is to help beginner to start learn Android Pentesting by providing a roadmap.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Automated & Manual Wordlists provided by Assetnote

tool that generates bypasses for open redirects

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

Dangerously fast DNS/network/port scanner

Community curated list of public bug bounty and responsible disclosure programs.

Impacket is a collection of Python classes for working with network protocols.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Security Auditor Utility for GraphQL APIs

bypass-url-parser

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

🔥 Web-application firewalls (WAFs) from security standpoint.

Another way to bypass WAF Cheat Sheet (draft)

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Collection of methodology and test case for various web vulnerabilities.