Opensource IDE For Exploring and Testing API's (lightweight alternative to Postman/Insomnia)

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

A curated list of CTF frameworks, libraries, resources and softwares

A small, fast, JavaScript-based JavaScript parser

Program for determining types of files for Windows, Linux and MacOS.

Beautifier for javascript

微信调试，各种WebView样式调试、手机浏览器的页面真机调试。便捷的远程调试手机页面、抓包工具，支持：HTTP/HTTPS，无需USB连接设备。

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

Cloud Security Posture Management (CSPM)

Debug your GitHub Actions via SSH by using tmate to get access to the runner system itself.

A minimal Jekyll Theme to host your resume (CV) on GitHub with a few clicks.

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

WebSocket cat

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

A container repository for my public web hacks!

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

XSS payloads designed to turn alert(1) into P1

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

A DNS rebinding attack framework.

Convert API descriptions between popular formats such as OpenAPI(fka Swagger), RAML, API Blueprint, WADL, etc.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods…

Sleepy Puppy XSS Payload Management Framework

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

a Damn Vulnerable Serverless Application

Client Side Prototype Pollution Scanner

DNS Rebinding Exploitation Framework

My personal cheat sheet for using WinDbg for kernel debugging

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…