Automated web vulnerability scanning with LLM agents

A tool to help you intercept encrypted APIs in iOS or Android apps

Prompt Injection Primer for Engineers

OAuth 2.0 exploitation, attack and research tools.

MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload

An IIS short filename enumeration tool

JavaScript-based web UI to decode ad-hoc Protobuf data

A simple zero-config tool to make locally trusted development certificates with any names you'd like.

A library for detecting known secrets across many web frameworks

A tool to fetch all in scope assets of HackerOne programs for integration in your automation and hacking workflow using HackerOne's hacker API

A tool to guess the rest of the shortnames provided by vulnerable IIS instances.

Detect and bypass web application firewalls and protection systems

A copy of Mura when it was still open-source in August 2020

MOVEit CVE-2023-34362

Automating situational awareness for cloud penetration tests.

DNS rebinding toolkit

XSS payloads designed to turn alert(1) into P1

Unofficial documentation for the great tool Param Miner

CVE-2022-21587 POC

A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

Azure Security Resources and Notes

All my infosec notes I have been building up over the years

essential templates for kenzer [DEPRECATED]

Need any help bypassing CSP ?

pwm

Create tar/zip archives that can exploit directory traversal vulnerabilities

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list