My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Updated Nov 11, 2025 - Shell
Hackers Cookbook - Tons of hacker cli recipes ready to search and use when you need them
Java decompilation & deobfuscation lab - dockerized toolset
ReconHound is a Python-based web reconnaissance tool designed for penetration testers, bug bounty hunters, and ethical hackers. It supports directory and file enumeration, subdomain enumeration, fuzzing, and virtual host (vhost) discovery.
In the context of web application penetration testing, Google Dorks can be used to find vulnerabilities and sensitive information in websites. This involves searching for specific keywords or file types that can indicate the presence of vulnerabilities or sensitive information, such as login pages, database files, and backups.
A professional platform that simplifies penetration testing by providing a unified dashboard for managing targets, automating scans, integrating diverse tools, and delivering AI-powered insights.
"Of course I tested CORS!", or ofCORS for short, is a comprehensive automated CORS tester for highlighting potential CORS vulnerabilities in web applications.
JWT automated tester with 7 attack modules for comprehensive JSON Web Token testing for penetration testers and bug bounty hunters.
BLHawk - Dead links aren't always dead!
WEBFANG is my first CLI, a modular OSINT & Reconnaissance toolkit curated for Ethical Hackers and Red-Teamers. Sink fangs into web targets using a passive intel gathering approach, active spidering, DNS/WHOIS lookups & Shodan, all in a lightweight package. Choose your weapon & happy hunting.
Domain Grabber — A Python CLI tool to fetch unique root domains from Archive.org CDX API based on given domain extensions (e.g., .id, .co.id, .ac.id). Supports multiple extensions, progress tracking, retry with User-Agent rotation, and automatic result saving. Ideal for OSINT, domain research, and penetration testing reconnaissance.
Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
Metlo is an open-source API security platform.
DomainHound is a simple yet powerful Python tool designed to filter subdomains based on a custom wordlist. It helps bug bounty hunters, penetration testers, and security researchers quickly locate subdomains of interest from massive domain lists.
Hello, fellow bug bounty hunters! This repository is a collection of my personal bug bounty and security researching resources, scripts, and notes. My goal is to share useful information and tools that have helped me in my own journey, with the hope that they can do the same for you.
🔍 Advanced parameter discovery tool for web security testing. Extract parameters from web apps with HTTP/2 support, headless browser, and intelligent filtering. Built for bug bounty hunters.
OSINT tools and more but without API key
A modern, fully automated WCD testing tool designed for bug bounty hunters and red teamers to detect and exploit Web Cache Deception vulnerabilities, now featuring advanced origin IP discovery and exploitation capabilities.
Detect Program Bug Bounty
A browser extension that helps bug bounty hunters rewrite and improve their communications with AI.