A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

⚠️ This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

Making Favicon.ico based Recon Great again !

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

Scanning APK file for URIs, endpoints & secrets.

Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.

evilginx3 + gophish

A curated list of dotfiles resources.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

PoC to bypass mCaptcha and its rate limiting capabilities from a fully automated bot.

declutters url lists for crawling/pentesting

A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

Useful "Match and Replace" burpsuite rules

A cheat sheet that contains advanced queries for SQL Injection of all types.

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.

Generate Email, Register for anything, Get the OTP/Link

Run macOS on QEMU/KVM. With OpenCore + Monterey + Ventura + Sonoma support now! Only commercial (paid) support is available now to avoid spammy issues. No Mac system is required.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.

All about bug bounty (bypasses, payloads, and etc)

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Incredibly fast crawler designed for OSINT.

CORS Misconfiguration Scanner

HTTP parameter discovery suite.