A recursive internet scanner for hackers.

Online e-book reader that supports Yomichan

A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Status Page for monitoring your websites and applications with beautiful graphs, analytics, and plugins. Run on any type of environment.

Find leaky observation channels in browsers and XS-Leaks on websites

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Academic purposes only. Attack against Salesforce lightning with guest privilege.

Rails app demonstrating a WebAuthn password-less login

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Burp Suite extension that offers a toolkit for testing GraphQL endpoints.

CVE-2023-33733 reportlab RCE

Generates combination of domain names from the provided input.

PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applicatio…

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development…

Protect and discover secrets using Gitleaks 🔑

🚨 GROW YOUR AUDIENCE WITH HUGOBLOX! 🚀 HugoBlox is an easy, fast no-code website builder for researchers, entrepreneurs, data scientists, and developers. Build stunning sites in minutes. 适合研究人员、企业家、…

Artificial Intelligence Infrastructure-as-Code Generator.

Cracker for Apache.lang.commons RandomStringUtils(). Code for "The Java Soothsayer" talk at EkoParty 2017 by Alejo Popovici.

Reverses the internal seed(s) of JavaRandom given information on its output in the form of a system of inequalities on various Random calls. Works by reducing the problem to finding certain vectors…

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

Gospider - Fast web spider written in Go

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

Cracking Java's PRNG (java.util.Random) using one (long) token

randcrack is a tool used to "crack" a sequence of pseudo random numbers and predict the next terms in the list.