This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing). providing a curated list of examples that showcase unexpe…

HTML 24 4 Updated Feb 25, 2025

TheManticoreProject / Manticore

A cross platform library to write offensive and defensive security tools in Go

Go 130 6 Updated Nov 21, 2025

avlidienbrunn / archivealchemist

Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.

Python 223 15 Updated Jul 24, 2025

pspaul / jar-poisoner

Replaces every class in a JAR file with a malicious one

Python 3 Updated Mar 11, 2025

BlackFan / BFScan

Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used in JAR / WAR / APK applications.

Java 234 21 Updated Dec 9, 2025

JorianWoltjer / responder

Easily create and share Proof of Concepts in HTML, JavaScript, etc. with custom headers, all via query parameters

Vue 14 1 Updated Oct 1, 2025

Icare1337 / LibreOffice_Tips_Bug_Bounty

Some tips for Bug Bounty using LibreOffice

HTML 55 6 Updated Feb 28, 2025

pdstat / graphqlextractor

Extract GraphQL operations from javascript

JavaScript 23 2 Updated Nov 27, 2025

assetnote / surf

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

Go 699 52 Updated Dec 19, 2023

hippiiee / Hippie-OSINT-Toolkit

A web based OSINT ressource and tool

TypeScript 186 15 Updated Apr 6, 2025

synacktiv / action-octoscan

📦 A GitHub Action that performs a security scan of your GitHub Actions.

Shell 25 Updated Oct 28, 2024

synacktiv / laravel-crypto-killer

A tool designed to exploit bad implementations of decryption mechanisms in Laravel applications.

Python 118 11 Updated Jun 25, 2025

lauritzh / dead-domain-discovery

This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.

JavaScript 68 18 Updated Jan 8, 2025

NetSPI / MicroBurst

A collection of scripts for assessing Microsoft Azure security

PowerShell 2,291 336 Updated Oct 29, 2025

su18 / hack-fastjson-1.2.80

520 63 Updated Sep 16, 2022

synacktiv / CVE-2024-45409

Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409) exploit

Python 82 13 Updated Oct 7, 2024

renniepak / CSPBypass

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

HTML 527 82 Updated Dec 18, 2025

RickdeJager / cupshax

Python 233 61 Updated Sep 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mizu kevin-mizu

Sponsors

Achievements

Achievements

Block or report kevin-mizu

Stars

lachlan2k / React2Shell-CVE-2025-55182-original-poc

jthack / ffuf_claude_skill

caido / caido

HacktronAI / hacktivity

aliasrobotics / cai

Slonser / Ebka-Caido-AI

masatokinugawa / ShadowBreakers

nccgroup / singularity

bebiksior / Caido403Bypasser

dav3nsec / JsSuite

TheManticoreProject / FindOldSIDTraces

Vozec / Hoster

SonarSource / mxss-cheatsheet