A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

1337 Wordlists for Bug Bounty Hunting

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

FileAnalyzer is a sensitive file analysis tool designed for bug bounty hunters and security researchers. It allows downloading documents like PDF, DOCX, XLSX, or PPTX from public or private URLs, e…

List of Mine Private wordlist i use for fuzzing

AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo

Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database

A light-weight torrent media center at one place.

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, and Online KMS activation methods, along with advanced troubleshooting.

A port of ParrotSec's stealth and anonsurf modules to Kali Linux

🔥 Stay motivated and show off your contribution streak! 🌟 Display your total contributions, current streak, and longest streak on your GitHub profile README

Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks

Cameradar hacks its way into RTSP videosurveillance cameras

Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

i will upload more templates here to share with the comunity.

A repository with 3 tools for pwn'ing websites with .git repositories available

Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges

Your target's phone's front and back cameras📸 can be accessed by sending a link🔗.

Small, fast tool for performing reverse DNS lookups en masse.

Frack - Keep and Maintain your breach data