Nuclei templates for source code analysis. Detects hardcoded secrets, config leaks, debug endpoints. Also helps identify OWASP Top 10 issues in code. Ideal for SAST and CI/CD integration.

Links to some tools for bugbounty

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Embed a payload inside a PNG file

AI Crash Course to help busy builders catch up to the public frontier of AI research in 2 weeks

Differential testing framework for HTTP implementations

🚀 Awesome (free) web apps that work without login

Header Exploitation HTTP

Quick research done on some bug bounty blogs! Check em out :)

Attacking indiscriminately every header, cookie, GET and POST parameter with blind fury.

The cross-browser extension framework.

A generator of weird files (binary polyglots, near polyglots, polymocks...)

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

This repository stores some of my custom BCheck Scan configurations. Its goal is to identify intriguing elements that warrant further manual testing.

Bambdas collection for Burp Suite Professional and Community.

This repository contains some of the most exhaustive wordlists for enumeration, gathered from a lot of wordlists available on the Internet.

This tool analyzes a given Github repository and searches for dangling or force-pushed commits containing potential secret or interesting information.

Go scanner to find web cache poisoning vulnerabilities in a list of URLs

Open Redirect Payloads

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

The Network Execution Tool

Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.

A 33-key layout that works with all keyboards.

Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Imapsync is an IMAP transfers tool. The purpose of imapsync is to migrate IMAP accounts or to backup IMAP accounts. IMAP is one of the three current standard protocols to access mailboxes, the two …

EMBA - The firmware security analyzer

⚡ Blazing-fast tool to grab screenshots of your domain list right from terminal.