Stars
List of RegEx DoS (ReDoS) CVEs and resources
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
Top disclosed reports from HackerOne
🐛 A list of writeups from the Google VRP Bug Bounty program
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
FOFA Hacking Queries - API Key Hunter
Web Fuzzing Box - Web fuzzing dictionaries and some payloads
A curated list of awesome GraphQL Security frameworks, libraries, software and resources
The ultimate open-source library of highly-structured prompts, tools, and specialized capabilities for autonomous AI agents.
List of my private wordlists I use for fuzzing
CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…
🚀 Free HTTP, SOCKS4, & SOCKS5 Proxy List * Updated every 5 minutes *
A lightweight GPT model, trained to discover subdomains.
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Tools and methods that I personally use for Recon and Exploitation
💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp…
A security research tool designed to intercept and analyze OAuth requests.
Reflected XSS Payload List for Vue.js (2 & 3)
Repositories, Links, Payloads, Blogs, Tools, etc. which I think might be useful for pentesting and bug bounty
jsleak is a tool to find secrets, paths or links in the source code during recon.
70k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒
A list of interesting payloads, tips and tricks for bug bounty hunters.
Pentesting and Bug Bounty Notes, Cheatsheets and Guides for Ethical Hackers, Whitehat Pentesters and CTF Players.