CT Log Scanner

Burp Plugin to Bypass WAFs through the insertion of Junk Data

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Kotlin Rewrite of Logger++

A python script that finds endpoints in JavaScript files

a javascript change monitoring tool for bugbounties

CeWL is a Custom Word List Generator

Directory/File, DNS and VHost busting tool written in Go

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets

Pull out bits of URLs provided on stdin

Fetch all the URLs that the Wayback Machine knows about for a domain

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

Easily gather all routes related to a NextJs application through parsing of _buildManifest.js

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.