Stars
Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
Unauthenticated enumeration of AWS, Azure, and GCP Principals
EvenBetterExtensions allows you to quicky install and keep updated Caido extensions.
EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
Quick and dirty script for applying the "Smashing the State Machine" research.
Collection of Cyber Threat Intelligence sources from the deep and dark web
A tool which exploits a backdoor in Hikvision camera firmwares circa 2014-2016 to help the owner change a forgotten password.
Go scanner to find web cache poisoning vulnerabilities in a list of URLs
Cobalt Strike HTTPS beaconing over Microsoft Graph API
Terraform Provider for Appgate SDP
A memory-based evasion technique which makes shellcode invisible from process start to end.
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
ScareCrow - Payload creation framework designed around EDR bypass.
LOLAPPS is a compendium of applications that can be used to carry out day-to-day exploitation.