Stars
Scripts to help work with configuration audit files
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
A modular bug hunting and web application pentesting framework written in Go
Penetration tests guide based on OWASP including test cases, resources and examples.
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF…
[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods…
A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
A collection of custom security tools for quick needs.
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
A list of resources for those interested in getting started in bug bounties
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
nodejsscan is a static security code scanner for Node.js applications.
Basics on commands/tools/info on how to assess the security of mobile applications
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.