Intigriti Quick Scope (IQS) is a new Burp Suite extension that allows researchers to automate project and scope setup within Burp Suite by pulling data directly from the official Intigriti Research…

Advanced XSS covers techniques to bypass modern web security measures like blacklists, filters, and Content Security Policy (CSP). It focuses on advanced Cross-Site Scripting (XSS) attacks, includi…

My CTF Challenges

Obtain GraphQL API schema even if the introspection is disabled

A toolset for reverse engineering and fuzzing Protobuf-based apps

Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.

a javascript change monitoring tool for bugbounties

Tool to find JavaScript files on Websites

Tools for finding SMTP smuggling vulnerabilities.

AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assess…

✍️ A curated list of CVE PoCs.

Library of Exploiting Last Frame Synchronization (also know as Single Packet Attack) on HTTP/3 - Manipulated version of quic-go lib

Passive recon & attack surface mapper — zero requests sent

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Capture HTTP/HTTPS, and Websocket from iOS app without proxy.

Spec-driven bug bounty writeups and real world security failures.

Mix subdomains words and positions, wordlist included.

Contextual Content Discovery Tool

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

Burp plugin for jxscout

High performance fuzzing using riscv to x86 binary translations and modern fuzzing techniques

A tool to perform Sequential Import Chaining

Fetch many paths for many hosts - without killing the hosts

An extension to find callback endpoints in the background while searching the Web

Fast exfiltration of text using only CSS and Ligatures

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Gather results of dorks across a number of search engines

Prototype Pollution and useful Script Gadgets