Lists (1)
Stars
NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
MCP server that connects AI assistants to HackerOne for bug bounty hunting
Extract URLs, paths, secrets, and other interesting bits from JavaScript
Cybersecurity AI (CAI), the framework for AI Security
Curated resources, research, and tools for securing AI systems
Fabric is an open-source framework for augmenting humans using AI. It provides a modular system for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
A Broken Application - Very Vulnerable!
Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way …
Mobile Edge-Dynamic Unified Security Analysis
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Resources for Mobile Application Testing 📓
A collection of various awesome lists for hackers, pentesters and security researchers
Secret and/or credential patterns used for gf.
Passive Security Scanner (被动式安全扫描器)
🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).
Open source education content for the researcher community
xia SQL (瞎注) burp 插件 ,在每个参数后面填加一个单引号,两个单引号,一个简单的判断注入小插件。
🐛 A list of writeups from the Google VRP Bug Bounty program