Stars
Fast and customizable subdomain wordlist generator using DSL
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces
Top disclosed reports from HackerOne
Collection of methodology and test case for various web vulnerabilities.
Summary and archive of Vatican .va (Holy See) ccTLD zone data for researchers.
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
Automatic SQL injection and database takeover tool
Notes I took while preparing for eJPT certification by INE Security (passed 19/20, fka eLearn Security)
pdelteil / eJPT-notes
Forked from edoardottt/eJPT-notesNotes I took while preparing for eJPT certification by eLearn Security (passed 19/20)
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
Academic purposes only. Attack against Salesforce lightning with guest privilege.
Semgrep rules for smart contracts based on DeFi exploits
Automagically reverse-engineer REST APIs via capturing traffic
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
☁️ Bash history in the cloud. Indexed and searchable.
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
This can be used to exploit POST XSS without much interaction from the victim.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Utility program to perform multiple operations for a given subnet/CIDR ranges.