Collection of Cyber Threat Intelligence sources from the deep and dark web

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Various wordlists

This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus.

Enumerate old versions of robots.txt paths using Wayback Machine for content discovery

A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities

An step by step fuzzing tutorial. A GitHub Security Lab initiative

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Reverse proxies cheatsheet

Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.

A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.

Combine words from two wordlist files and concatenate them with an optional delimiter

useful lists for testing

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

The recursive internet scanner for hackers. 🧡

Fork of TREVORProxy with experimental Tor Stream Isolation support

Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

The most exhaustive list of reliable DNS resolvers.

An enterprise friendly way of detecting and preventing secrets in code.

Unofficial documentation for the great tool Param Miner

Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.