Stars
A framework for prompt tuning using Intent-based Prompt Calibration
💫 Toolkit to help you get started with Spec-Driven Development
A curated list of amazingly awesome Burp Extensions
Tool for Active Directory Certificate Services enumeration and abuse
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
A DNS meta-query spider that enumerates DNS records, and subdomains.
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
XSS spider - 66/66 wavsep XSS detected
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Automagically reverse-engineer REST APIs via capturing traffic
grep rough audit - source code auditing tool
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Find, verify, and analyze leaked credentials
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea…
Tool to help exploit XXE vulnerabilities
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy + Exploit Timing Attacks
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Burp Suite Logger++: Log activities of all the tools in Burp Suite
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …