Collection of documentation, tools, and tips related to vulnerability research.

SSRF (Server Side Request Forgery) testing resources

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

React Shell & Next.js RSC Exploit Tool (CVE-2025-55182)

Write-ups of my findings.

Find, verify, and analyze leaked credentials

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

A collection of custom security tools for quick needs.

HTTP Request Smuggling Detection Tool

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!

Extracts URLs from OSINT Archives for Security Insights

⚔️ A compiled list of companies who have active programs for responsible disclosure. MCP-enabled.

Check if domain has bug bounty program or not

🐛 A list of writeups from the Google VRP Bug Bounty program

Tool to extract & validate google fcm server keys from apks

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

Asset inventory of over 800 public bug bounty programs.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

DNS Zone Transfer Testing Tool

Chrome Extension for Spidering a Website, which was started from google-site-spider.

Rockyou for web fuzzing

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!