bypass-url-parser

Scripts to help work with configuration audit files

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Turbo Intruder Scripts

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series

A modular bug hunting and web application pentesting framework written in Go

Simple transparent proxy setup for Android

HTTP Desync Attack

Penetration tests guide based on OWASP including test cases, resources and examples.

My Recon Automation

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF…

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods…

A W.I.P Android Security Ref

Burp Extension to manipulate AES encrypted payloads

A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

A collection of custom security tools for quick needs.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Easy to use APK/IPA Mobile App Inspector

A list of resources for those interested in getting started in bug bounties

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

nodejsscan is a static security code scanner for Node.js applications.

Basics on commands/tools/info on how to assess the security of mobile applications

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

HTTP.ninja

Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.