Lists (32)
API
AppSec
Appsec Training
Burp Extensions
Burp Extensions Development
Cloud
Data and Crypto
Data Identification and Manipula
Defense
Design
Detection And Forensics (DFIR)
Discovery, OSINT, Fingerprinting
Exploitation
Fuzz
Hiring and Recruiting
HTTP Scanners and DAST
IoT
Learning
Machine Learning and AI
Mobile
Network Scanners
Networking and Network Scans
Passwords
Pentest/Social
Personal and Productivity
Python
Reporting and Documentation
Resources and Standards
Reverse Engineering
SAST and Secret Scanning
Utility
Wordlists and Parsing
Stars
Cybersecurity AI (CAI), the framework for AI Security
A collection of my Frida instrumentation scripts for reverse engineering of mobile apps and more.
An OOB interaction gathering server and client library
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
Free, libre, effective, and data-driven wordlists for all!
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
Detect public repository dependencies in the GitHub repositories with an orphan required library.
A TLS MITM proxy for TCP/TLS/UDP traffic, with support for TLS upgrades like STARTTLS, PostgreSQL, and more.
jxscout superpowers JavaScript analysis for security researchers
5ire is a cross-platform desktop AI assistant, MCP client. It compatible with major service providers, supports local knowledge base and tools via model context protocol servers .
Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.
Inspect and instrument React Native applications at runtime
Extract +700 technologies from any repository. Detect Languages, SaaS, Cloud, Infrastructure, Dependencies and Services
A research project to add some brrrrrr to Burp
A robust command-line tool built in Rust that makes merging and deduplicating text files a breeze. Whether you're dealing with small files or massive datasets, this tool handles the heavy lifting w…
A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential jailbreaks in their LLM APIs.
The new bridge between Ghidra and Frida!
the Network Protocol Fuzzer that we will want to use.