grep rough audit - source code auditing tool

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

A collection of hacks and one-off scripts

Unofficial documentation for the great tool Param Miner

httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

Get related domains / subdomains by looking at Google Analytics IDs

Fritzing desktop application

Wicked sick v2.0 script is intended to automate your reconnaissance process in an organized fashion.

Protect your data against global mass surveillance programs.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Making Favicon.ico based Recon Great again !

Statically-linked ssh server with reverse shell functionality for CTFs and such

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

OSINT tool for finding profiles by username

Exploit allowing you to read registry hives as non-admin on Windows 10 and 11

MVT is a forensic tool to look for signs of infection in smartphone devices

A simple app to get songs from YouTube in mp3 format with artist name, album name etc from sources like iTunes, LastFM, Deezer, Gaana etc.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Find alive host from dumped subdomains, huge domain list , alive subdomains

Simple PoC package for testing for dependency confusion vulnerabilities.

Fast Modular Web Interfaces Bruteforcer

Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.

DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

API and Web App for analyzing & finding a person profile across 300+ social media websites (Detections are updated regularly)

Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website