This repo includes ChatGPT prompt curation to use ChatGPT and other LLM tools better.

The best design tools and plugins for everything 👉

The Browser Exploitation Framework Project

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Consume and generate source maps.

Pentest Report Generator

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

Binary instrumentation framework based on FRIDA

A collection of my Frida instrumentation scripts for reverse engineering of mobile apps and more.

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

A DNS rebinding attack framework.

A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks

Open source platform for cyber security analysts with many features for threat intelligence and detection engineering.

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

A Javascript Deobfuscator

Pentest Report Generator

DOM XSS scanner for Single Page Applications

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…

JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.

A tool to help you intercept encrypted APIs in iOS or Android apps

Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.

🌐 Identify the technologies powering any website. This is a fork of the now deleted Wappalyzer project by @AliasIO and community.

MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.

jxscout superpowers JavaScript analysis for security researchers

A Firefox Web Extension to improve the discovery of DOM XSS.

Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.

Discover hidden debugging parameters and uncover web application secrets