DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Web path scanner

Some setup scripts for security research tools.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

The cheat sheet about Java Deserialization vulnerabilities

OWASP CRS (Official Repository)

HTTPLeaks - All possible ways, a website can leak HTTP requests

Reverse proxies cheatsheet

Prototype Pollution and useful Script Gadgets

List of XSS Vectors/Payloads

A generator of weird files (binary polyglots, near polyglots, polymocks...)

A collection of browser-based side channel attack vectors.

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

Content-Type Research

Client Side Prototype Pollution Scanner

Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)

A tool to perform Sequential Import Chaining

XS-Leaks Wiki

ctf exploit codes or writeups

Collection of my capture-the-flag web challenge in any levels

CTF write-ups

Searcher for cross-site leaks (XS-Leaks)

Same Origin XSS challenge

justCTF 2019 challenges sources

CTF Writeups

Challenge repository for the watevrCTF 2019 CTF competition

CTF writeups

Legend Agar.io Mod