Fast and customizable subdomain wordlist generator using DSL

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces

Write-ups of my findings.

Top disclosed reports from HackerOne

Monitor websites for changes

Collection of methodology and test case for various web vulnerabilities.

DNS resolution tracing tool

Summary and archive of Vatican .va (Holy See) ccTLD zone data for researchers.

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

Navigate the CVE jungle with ease.

Automatic SQL injection and database takeover tool

Notes I took while preparing for eJPT certification by INE Security (passed 19/20, fka eLearn Security)

Notes I took while preparing for eJPT certification by eLearn Security (passed 19/20)

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

Academic purposes only. Attack against Salesforce lightning with guest privilege.

Semgrep rules for smart contracts based on DeFi exploits

Automagically reverse-engineer REST APIs via capturing traffic

Nuclei plugins to audit Chrome extensions

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Download APK from Google Play or send API requests

☁️ Bash history in the cloud. Indexed and searchable.

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

This can be used to exploit POST XSS without much interaction from the victim.

A Tool for Domain Flyovers

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Utility program to perform multiple operations for a given subnet/CIDR ranges.