A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

A Frida script that disables Flutter's TLS verification

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

Collections of Orange Tsai's public presentation slides.

利用Tor搭建Socks5代理，动态切换IP

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Red Team Tool Kit

This tool is for automate the initial things that we usually do in daily pentesting. So you can focus more on the main target.

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

An automated approach to performing recon for bug bounty hunting and penetration testing.

Electron JS Browser To Find XSS Vulnerabilities Automatically

Blind WAF identification tool

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

BinAbsInspector: Vulnerability Scanner for Binaries

A list of interesting payloads, tips and tricks for bug bounty hunters.

Client Side Prototype Pollution Scanner

Top disclosed reports from HackerOne

Python3 o365 User Enumeration Tool

A list of cheat sheets for application security

A curated list of awesome resources about Electron.js (in)security

Automatic SSRF fuzzer and exploitation tool

Dynamically invoke arbitrary unmanaged code

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

Various dll hollowing techniques

POCs for Shellcode Injection via Callbacks

(kinda) Malicious Outlook Reader