Stars
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
A Burp Suite extension for CSRF proof of concepts.
AWS, Azure, Alibaba and Google bucket scanner
A powerful command-line tool for Google dorking, enabling users to uncover hidden information and vulnerabilities with advanced search queries.
Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection
Offline command line tool that searches for GTFOBins binaries that can be used to bypass local security restrictions in misconfigured systems.
Android security insights in full spectrum.
Bug Bounty Web and API Payloads
IPFuscator - A tool to automatically generate alternative IP representations
A list of public penetration test reports published by several consulting firms and academic security groups.
A tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox
A simple script to convert normal-text to Cyrillic-text. This allows hackers to obfuscate text in puny-code format which can lead into a lot of multiple Phishing attacks.
Burp plugin able to find reflected XSS on page in real-time while browsing on site
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Simple Bash scripts to make easier Android hacking (mobile pentesting).
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Python script for Unify all Parameters with all URLs.
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
Automatic SSRF fuzzer and exploitation tool
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.