ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Updated Oct 24, 2025 - PHP
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Twitter vulnerable snippets
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
Find AWS S3 buckets and test their permissions.
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
Cross-site scripting labs for web application security enthusiasts
A PHP tool to brute force vhosts configured on a server.
Yet Another PHP Shell - The most complete PHP reverse shell
Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer while hunting. It is still under development, so feel free to contribute.
Alternative to XSS Hunter for blind XSS.
Material for getting started with penetration testing from scratch, in Indonesian.
TeleStrike is a red team utility designed for adversary simulation and security auditing of Telegram accounts. Built for educational and authorized assessment purposes, it mimics real-world attack vectors to test resilience and response mechanisms in Telegram’s authentication layers.
Extract endpoints from source files.
This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.
Webapp to perform regexp search over GitHub search.