Stars
A simple Bash script to discover all domains associated with a specific Microsoft 365 tenant - new replacement for check_mdi
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross-Site Scripting.
AI Security Shared Responsibility Model
💀 Generate a bunch of malicious PDF files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
wallabag is a self-hostable application for saving web pages: Save and classify articles. Read them later. Freely.
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
JamfHound is a Python 3 project designed to collect and identify attack paths in Jamf Pro tenants based on existing object permissions by outputting data as JSON for ingestion into BloodHound.
📄 Configuration files that enhance Cursor AI editor experience with custom rules and behaviors
Free, no-nonsense, super fast blogging.
A repository containing many free shaders to use with ghostty (the terminal)
The most intuitive desktop API client. Organize and execute REST, GraphQL, WebSockets, Server Sent Events, and gRPC 🦬
A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
Set of tools to assess and improve LLM security.
A fast, minimalistic scanner for time-based SQL injection (SQLi) detection – built in Go.
Damn Vulnerable MCP Server
Questions that I ask myself at the end of each year and each decade.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
Methodology, links, tools for OSINT in different countries
The modern API client that lives in your terminal.
An open-source personal API framework.