how to look for Leaked Credentials !

Some tips for Bug Bounty using LibreOffice

Differential fuzzing REPL for HTTP implementations.

Same Origin XSS challenge

Stripe Apps lets you embed custom user experiences directly in the Stripe Dashboard and orchestrate the Stripe API.

Client Side Prototype Pollution Scanner

🌐 🔌 The MetaMask browser extension enables browsing Ethereum blockchain enabled websites

DevTools for network recording, editing and resending.

Searcher for cross-site leaks (XS-Leaks)

Deobfuscate Javascript code using ChatGPT

Client-Side Prototype Pollution Tools

Web Security Insights & Case Studies

A cheatsheet for exploiting server-side SVG processors.

Simple GTA San Andreas Menu

An intentionally vulnerable NGINX setup

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

A collection of regexes for every possbile use

PoC for leaking text nodes via CSS injection

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Chrome extension that allows you to monitor, browse and filter all DOM changes.

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

XS-Leaks Wiki

A collection of browser-based side channel attack vectors.

A Python implementation that facilitates finding timeless timing attack vulnerabilities.

Collect information about a domain and use it to plan a attack vector

Get all Assets of the Hackerone scope for all programs or a particular program.

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

A tool for embedding XXE/XML exploits into different filetypes