Stars
Demo showcasing information leaks resulting from an IndexedDB same-origin policy violation in WebKit.
Android library to verify the safety of user devices. Make sure that API calls from your app can be trusted. Instantly detect rooted devices, emulators, cloned apps, and other risk factors.
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
My simple Swiss Army knife for HTTP/HTTPS troubleshooting and profiling.
Easily turn single-threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
A collection of useful Serverless functions I use when pentesting
A tool for exploring each layer in a Docker image
Content released at NorthSec 2018 for my talk on prototype pollution
A collection of templates for bug bounty reporting
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Automatically exported from code.google.com/p/domxsswiki
A simple variable-based template editor using handlebarjs+strapdownjs. The idea is to use variables in Markdown-based files to easily replace the variables with content. Data is saved temporarily i…