Static file serving and directory listing

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Content-Type Research

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured…

Sample queries for Advanced hunting in Microsoft 365 Defender

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Fetch Android appdata/ from Google Drive

Execute a local command using the processing power of another Linux machine.

PowerShell framework to assess Azure security

Terminal UI library with rich, interactive widgets — written in Golang

📱 objection - runtime mobile exploration

kCTF is a Kubernetes-based infrastructure for CTF competitions. For documentation, see

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Docker - Beginners | Intermediate | Advanced

Prototype Pollution and useful Script Gadgets

ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:

Self-rendering Markdown + LaTeX documents

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Classy web framework for Go

Real-time microphone noise suppression on Linux.

Chakra UI is a component system for building SaaS products with speed ⚡️

Docker container for managing Nginx proxy hosts with a simple, powerful interface

Get a full fake REST API with zero coding in less than 30 seconds (seriously)

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Android app for demonstrating native library harnessing

A curated list of awesome warez and piracy links