Original Proof-of-Concepts for React2Shell CVE-2025-55182

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

🐬 Feature-rich, stable and customizable Flipper Firmware

Wordlist para solucionar brute force em diretórios com nomes em inglês e português-brasileiro.

Python script that performs email address validation against Office 365 without submitting login attempts.

C2/post-exploitation framework

A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities.

🚀 Free HTTP, SOCKS4, & SOCKS5 Proxy List * Updated every 5 minutes *

Never forget where you inject.

Burp extension for Recursive Request Exploits (RRE) — DEFCON 2025

A fast TCP/UDP tunnel over HTTP

A Chrome extension that automatically scans web pages and internal links for user-defined keywords, storing results and sending notifications or alerts.

Security Auditor Utility for GraphQL APIs

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

This project is aimed at freely providing technical guides on various hacking topics.

Get PROXY List that gets updated everyday

A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.

An incredibly fast proxy checker & IP rotator with ease.

Scrape domain names from SSL certificates of arbitrary hosts

Pull out bits of URLs provided on stdin

Node.js library for creating Guacamole-compatible servers. Guacamole is a RDP/VNC/SSH/Telnet client for HTML5 browsers.

This application offers several API services with straightforward examples for testing communication. Use the provided requests to quickly try out and verify each API endpoint.

A page with AWS commands and utilities.

A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage tracker.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

🔤 A list of all the public package names on npm. Updated daily.

MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.

Windows Privilege Escalation Techniques and Scripts