React2Shell is a Python-based proof-of-concept tool designed to exploit CVE-2025-55182 and CVE-2025-66478, both impacting Next.js applications using React Server Components (RSC).

The Internets #1 Subdomain Takeover Tool

CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name v…

Tail Certificate Transparency logs and extract hostnames

PwnPad is an affordable, hands-on hardware hacking platform built for practical learning. It features a range of challenges that walk users through key hardware security concepts, from PCB design t…

A visual reference of 118 essential red team tools, frameworks & standards, organized like a periodic table. Includes a printable PDF version.

ProjectDiscovery's Open Source Tool Manager

Predatory ESP32 Firmware

HaxorTechTones YouTube channel labs and more.

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Basic brute-force script targeting the standard Keycloak Admin/User Console browser login flow.

Self-hosted bug bounty programs that are "scammy" or unethical

A SimpleHTTPServer written in Go, enhanced with features and with a nice design - https://goshs.de

I <3 Shells (iv3shells) is a script that generates reverse-shells in a quick-and-easy way.

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Discover new target domains using Content Security Policy

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Dominate Active Directory with PowerShell.

Swagger UI >=3.14.1 < 3.38.0 XSS payload

A collection of tools that I use in CTF's or for assessments

ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native …

Most Responder's configuration power in your hand.

Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs

A DNS meta-query spider that enumerates DNS records, and subdomains.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)