Automation for javascript recon in bug bounty.

URL scanner for recon, vulnerabilities, secrets and more!

Header Exploitation HTTP

ChatGPT Prompts for Bug Bounty & Pentesting

The most powerful CRLF injection (HTTP Response Splitting) scanner.

A repository that includes all the important wordlists used while bug hunting.

Find open databases - Powered by Binaryedge.io

CVE-2024-23897

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

i will upload more templates here to share with the comunity.

CVEs and Techniques used PDF as an attack vector.

|| Android Application Security ||

SSRF testing tool

A collection of awesome security hardening guides, tools and other resources

Simple checklist to help you deploying the most important areas of the GNU/Linux production systems - work in progress.

Dex to Java decompiler

Git index file parser, using python3

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications

Dons Js Scanner is a sleek command-line tool that hunts for hidden treasures—API keys, credentials, and secrets—lurking in the JavaScript of websites. Its vibrant ASCII art logo welcomes users to a…

A curated list of the most common and most interesting robots.txt disallowed directories.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

A repository with 3 tools for pwn'ing websites with .git repositories available

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.