Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation

Original Proof-of-Concepts for React2Shell CVE-2025-55182

Log4Shell / Log4J Payload - CVE-2021-45046 and CVE-2022-42889

Google Aiza API Scanner

♥ gOd fAtHEr oRwA

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

Asset inventory of over 800 public bug bounty programs.

this repo contains all types of pdf exploits..

Free 2D symbols for computer network diagrams

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Scrapts Scrapts Scrapts

how to look for Leaked Credentials !

Extract JavaScript source trees from Sourcemap files

This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

40,000+ Nuclei templates for security scanning and detection across diverse web applications and services

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting