Digging into private data through Sonarcloud public projects

CTF Archives: Collection of CTF Challenges.

Aggregated audit checklist

A repository to store all my recourses and code on my Web 3 education

A collection of resources to study Solana smart contract security, auditing, and exploits.

A collection of Burp Suite Lambda Filters ~ Bambdas

Exploits targeting Symfony

CI/CD Security Analyzer

Azure and AWS Attacks

How GitHub Actions workflows can be hacked

Obtain GraphQL API schema even if the introspection is disabled

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

A path-normalization pentesting tool.

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

A CLI tool that recursively computes the checksum of the contents of a directory, and prints the checksums up to a depth you can specify.

A Personal Collection of Infosec Dorks

URL Encode Injection List

For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)

Burp Suite Extension Docs - Trigger actions and reshape HTTP request/response and WebSocket traffic using configurable rules

a javascript change monitoring tool for bugbounties

Never ever ever use pixelation as a redaction technique

vhost scanning

The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.

Salesforce API Library for JavaScript applications (both on Node.js and web browser)

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.