Stars
Academic purposes only. Attack against Salesforce lightning with guest privilege.
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
A very simple AEM detector written in Rust.
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Wikipedia for Web APIs. Directory of REST API definitions in OpenAPI 2.0/3.x format
A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public
Match and Replace script used to automatically generate JSON option file to BurpSuite
This docker container catches outbound HTTP requests. It is useful for the functional testing of services such as API clients and webhook dispatchers.
"Can I take over XYZ?" - a list of services and how to claim (sub)domains with dangling DNS records.
Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
A tool for adding new lines to files, skipping duplicates
Open-source vulnerability disclosure and bug bounty program database
Protect and discover secrets using Gitleaks
Wildcard certificates which were on vulnerable Citrix servers in 2020
A toolkit for testing, tweaking and cracking JSON Web Tokens
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
"Can I take over DNS?" - a list of DNS providers and how to claim vulnerable domains.
A curated list of the best charting and dataviz resources that developers may find useful, including the best JavaScript charting libraries
Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection!
OWASP Application Gateway is an HTTP proxy that handles OAuth2 authentication and session management
Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.