Skip to content
View sbzo's full-sized avatar
9 followers · 4 following

Achievements

Achievement: QuickdrawAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2

Achievements

Achievement: QuickdrawAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2

Block or report sbzo

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Starred repositories

Showing results

xnl-h4ck3r / urless

De-clutter a list of URLs

Python 387 41 Updated Mar 8, 2026

trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials

Go 25,943 2,349 Updated Apr 27, 2026

paralax / awesome-honeypots

an awesome list of honeypot resources

Python 10,249 1,332 Updated Apr 1, 2025

Charlie-belmer / nosqli

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Go 408 44 Updated Oct 31, 2021

WhiteOakSecurity / Dynamic-DTD

A python Flask app that generates dynamic DTDs for easy out-of-band data exfiltration.

Python 29 13 Updated Nov 2, 2022

ArturSS7 / TukTuk

Tool for catching and logging different types of requests.

Go 220 24 Updated Nov 20, 2020

danielmiessler / SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

PHP 70,531 24,977 Updated Apr 27, 2026

HackTricks-wiki / hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

CSS 11,233 3,060 Updated Apr 27, 2026

KathanP19 / HowToHunt

Collection of methodology and test case for various web vulnerabilities.

7,104 1,928 Updated Jun 25, 2025

bugcrowd / HUNT

Python 2,323 429 Updated Dec 8, 2023

1N3 / IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

BlitzBasic 3,927 1,191 Updated Sep 27, 2021

k4m4 / dcipher

Decipher hashes using online rainbow & lookup table attack services.

JavaScript 154 23 Updated Jan 5, 2023

BuffaloWill / oxml_xxe

A tool for embedding XXE/XML exploits into different filetypes

Ruby 1,154 235 Updated Dec 16, 2024

michenriksen / aquatone

A Tool for Domain Flyovers

Go 5,927 908 Updated May 22, 2022

michenriksen / gitrob

Reconnaissance tool for GitHub organizations

Go 6,161 842 Updated Sep 20, 2022

ret2jazzy / SnCrawler

A web crawler written with pentesting in mind and some hacks for smart crawling

Python 29 14 Updated Apr 9, 2019

google / security-research-pocs

Proof-of-concept codes created as part of security research done by Google Security Team.

C++ 1,877 246 Updated Mar 12, 2021

1N3 / PrivEsc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

C 990 312 Updated Dec 13, 2017

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool

Python 37,157 6,237 Updated Apr 24, 2026

b374k / b374k

PHP Webshell with handy features

CSS 2,630 761 Updated Jul 6, 2023

rapid7 / metasploit-framework

Metasploit Framework

Ruby 38,042 14,850 Updated Apr 27, 2026

rapid7 / metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

HTML 5,527 1,251 Updated Feb 13, 2025

Veil-Framework / Veil-Evasion

Veil Evasion is no longer supported, use Veil 3.0!

Python 1,839 677 Updated Sep 24, 2021

offensive-security / exploitdb

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb

7,861 1,878 Updated Nov 10, 2022

maurosoria / dirsearch

Web path scanner

Python 14,220 2,432 Updated Mar 16, 2026

rammarj / burp-dynamic-js

Plugin for Burp Suite Free wich detects dynamic JS generated on the server side

Java 1 2 Updated Apr 25, 2023

rammarj / csrf-poc-creator

A Burp Suite extension for CSRF proof of concepts.

Java 59 23 Updated May 1, 2023

swisskyrepo / PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python 77,290 16,896 Updated Apr 22, 2026

rudSarkar / crlf-injector

A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

Python 49 17 Updated Apr 8, 2022

sbzo / SSRF-Testing

Forked from cujanovic/SSRF-Testing

SSRF (Server Side Request Forgery) testing resources

Python 1 Updated Sep 7, 2017
Next

Starred topics