Stars
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
List of RegEx DoS (ReDoS) CVEs and resources
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
Top disclosed reports from HackerOne
🐛 A list of writeups from the Google VRP Bug Bounty program
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
FOFA Hacking Queries - API Key Hunter
Web Fuzzing Box - Web fuzzing dictionaries and some payloads
A curated list of awesome GraphQL Security frameworks, libraries, software and resources
The ultimate open-source library of highly-structured prompts, tools, and specialized capabilities for autonomous AI agents.
List of my private wordlists I use for fuzzing
CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…
🚀 Free HTTP, SOCKS4, & SOCKS5 Proxy List * Updated every 5 minutes *
A lightweight GPT model, trained to discover subdomains.
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Tools and methods that I personally use for Recon and Exploitations
💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp…
A security research tool designed to intercept and analyze OAuth requests.
Reflected XSS Payload List for Vue.js (2 & 3)
Repositories, Links, Payloads, Blogs, Tools, etc. which I think might be useful for pentesting and bug bounty
jsleak is a tool to find secrets, paths or links in the source code during recon.
70k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒
A list of interesting payloads, tips and tricks for bug bounty hunters.