NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications

Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

A cheat sheet that contains advanced queries for SQL Injection of all types.

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

SSRF (Server Side Request Forgery) testing resources

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web App bug hunting

All about bug bounty (bypasses, payloads, and etc)