Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used in JAR / WAR / APK applications.

Training course materials and notes related to SAP security audit and penetration testing

SPR (Swagger Proxy Runner) automates API requests based on a Swagger file, using multithreading with a semaphore to limit concurrent requests, and routes them through a proxy for analysis.

This Tool To Test Machine Keys In View State

Check if your URLs are in scope or not

A library for detecting known secrets across many web frameworks

Deserialization payload generator for a variety of .NET formatters

You just found a hidden gem 💎 This repo contains a massive amount (8000+) of WordPress related Nuclei templates. Updated daily!

All Nuclei Templates

A tool to extract the IdP cert from vCenter backups and log in as Administrator

Top disclosed reports from HackerOne

Research on GraphQL from an AppSec point of view.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

PP-finder Help you find gadget for prototype pollution exploitation

Scripts voltados à segurança do Active Directory. Soluções e técnicas utilizadas para aumentar a segurança da infraestrutura de Active Directory

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

ScanT3r - Module based Bug Bounty Automation Tool

Collection of steganography tools - helps with CTF challenges

POC列表