A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

Full reference of LinkedIn answers 2024 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel t…

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Most advanced XSS scanner.

Web path scanner

Fast subdomains enumeration tool for penetration testers

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

HTTP parameter discovery suite.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Top disclosed reports from HackerOne

A python script that finds endpoints in JavaScript files

A DNS meta-query spider that enumerates DNS records, and subdomains.

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

File upload vulnerability scanner and exploitation tool.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Find leaked secrets via github search

DNS Enumeration Script

Generates permutations, alterations and mutations of subdomains and then resolves them

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

A collection of tools to perform searches on GitHub.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.