Stars
The best-benchmarked open-source AI memory system. And it's free.
Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities.
Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.
🐛 A list of writeups from the Google VRP Bug Bounty program
rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
Create pretty screenshots of your requests and responses right in Caido
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
React Shell & Next.js RSC Exploit Tool (CVE-2025-55182)
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Cybersecurity AI (CAI), the framework for AI Security
Bug Bounty Hunting Framework Designed to Help Beginners Compete w/ the Pros
A local-only GUI tool to analyze `.js.map` source map files.
CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…
Abuse trust-boundaries to bypass firewalls and network controls
🤖 LLM-powered agent for automated Google Dorking in bug hunting & pentesting.
AI/LLM local model integration for analysis of reconftw results
Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache poisoning tests and provides detailed exploit examples.
Pear 🍐 is an extension for a music player
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
Implementation of the Web Cache Deception detection methodology presented in the paper "Web Cache Deception Escalates!"
Detect technologies with a Wappalyzer alternative