A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

An intelligence gathering tool for hacking Bluetooth

Automatically exported from code.google.com/p/domxsswiki

📱 objection - runtime mobile exploration

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Fetches javascript file from a list of URLS or subdomains.

Performing automated scan using Burp Suite Pro & Vmware Burp Rest API

A command-line tool for Cross-Site WebSocket Hijacking

An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free. Originally built during COVID-19 for cybersecurity professionals with downtime can take adva…

Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps C…

Day4 Lab

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite

A Modern Orchestration Engine for Security

Sub-Domain TakeOver Vulnerability Scanner

List of Awesome Asset Discovery Resources

Reconnaissance Swiss Army Knife

Match and Replace script used to automatically generate JSON option file to BurpSuite

Awesome XSS stuff

ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

A collection of hacking / penetration testing resources to make you better!

✍️ A curated list of CVE PoCs.

The project contains multiple shell scripts for automating the tasks during recon.