Set up a modern web app by running one command.

Obtain GraphQL API schema even if the introspection is disabled

movecert

It converts the xml formatted burpsuite proxy history to a .csv format that can be used to import in Logger ++

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

Elder driver Xposed Framework.

Hidden parameters discovery suite

List of Hourly Updated Fresh DNS resolvers

🎯 SQL Injection Payload List

A collection of hacks and one-off scripts

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be…

A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

In-depth attack surface mapping and asset discovery

Potentially dangerous files

IPv6 auto discovery tool

Welcome to the XSS Challenge Wiki!

The challenge source code and solutions for FBCTF 2019

Browser's XSS Filter Bypass Cheat Sheet

A collection of the solutions people wrote for the H1-212 Capture The Flag event

alert(1) to win payloads

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.