Stars
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Test your prompts, agents, and RAGs. AI Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with co…
Inspect a command's effects before modifying your live system
Collection of awesome LLM apps with AI Agents and RAG using OpenAI, Anthropic, Gemini and open-source models.
This repository showcases various advanced techniques for Retrieval-Augmented Generation (RAG) systems. RAG systems combine information retrieval with generative models to provide accurate and cont…
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.
Send push notifications to your phone or desktop using PUT/POST
A JavaScript change monitoring tool for bug bounties
Free, libre, effective, and data-driven wordlists for all!
BChecks collection for Burp Suite Professional and Burp Suite DAST
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
JavaScript security analysis (JSA) is a program for JavaScript analysis during web application security assessment.
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)
Search the common crawl using lambda functions
🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.
A curated list of wordlists for bruteforcing and fuzzing
A next-generation crawling and spidering framework.
GCP GOAT is a vulnerable application for learning GCP security
Solidity contract visualisation tool
Simple, intentionally-limited versions of web3 protocols & apps.
PortSwigger / oauth-scan
Forked from akabe1/OAUTHScan
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for this version.
WhereToGo is a list of popular services that might be used in organizations. By having an account of the user, you can try to find entry points to the organization's data.
Rust-based high performance domain permutation generator.
Converts/manipulates/extracts data from a Nmap scan output.