Stars
🕵️‍♂️ Collect a dossier on a person by username from thousands of sites
"cookiejar" is an open-source Golang tool designed to analyze web cookies for security vulnerabilities. It examines cookie attributes to ensure they adhere to best security practices, helping devel…
This repository contains hand-curated resources for Prompt Engineering with a focus on Generative Pre-trained Transformer (GPT), ChatGPT, PaLM, etc.
Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-heali…
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
API Security Project aims to present unique attack & defense methods in the API Security field
A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles
Checklist of the most important security countermeasures when designing, testing, and releasing your API
A module that helps to manage some tasks on Office 365/Azure via undocumented API
Run individual controls or full compliance benchmarks for CIS across all of your Microsoft 365 and Office 365 tenants using Powerpipe and Steampipe.
Retrieve information via O365 and AzureAD with a valid cred
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
"Bob the Smuggler": A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file for…
In-depth attack surface mapping and asset discovery
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
This repository contains tutorials and tools for working with IP search engines. Search engines that search all devices connected to the Internet and collect a lot of different information about th…
The goal of this guide is very simple - to teach anyone interested in cyber security, regardless of their knowledge level, how to make the most of Netlas.io.
Standard Go Project Layout