These are my checklists which I use during my hunting.

SQLI labs to test error based, Blind boolean based, Time based.

A tool designed to exploit CVE-2025-54068 and Remote Command Execution if the APP_KEY of the Livewire project is known.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Welcome to your ultimate Shopify resource! Find everything you need here: code snippets for features like image swatches, premium themes, tips, and beautiful store designs for inspiration. Dive in …

A Kotlin library that provides a framework for writing visual novels for JVM. At its core Ktvn provides a flexible and extensible DSL for structuring and writing visual novels and interactive stories.

Automated Subdomain Enumeration and Scanning Tool

one-click face swap

CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Android Library for easing Google Play Billing to your apps with support for Subscriptions, Non-Consumable and Consumable Purchases with a beautiful sample app.

Sublist3r2 is a a bug free and much faster working version of the popular subdomains enumeration tool, Sublist3r , original code by aboul3la

Subdomain Takeover tool written in Go

A collection of custom security tools for quick needs.

A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件

Burp extension to generate multi-step CSRF POC.

A list of awesome beginners-friendly projects.

Oxford Deep NLP 2017 course

A Chatroom Webapp Written In PHP

phpTraining at BIST