Stars
Most Beautiful Typing practice plugin for Neovim with dashboard
ActiveScan++ Burp Suite Plugin
403/401 Bypass Methods + Bash Automation + Your Support ;)
Backup Files Wordlist Generator - generate a comprehensive list of potential backup file Wordlist based on a given list URL and backup file extensions or wordlist.
🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.
「🔑」A tool used to hunt down API key leaks in JS files and pages
Burp HTTP history browser (bhhb) - A tool to view HTTP history exported from Burp Suite Community Edition
Various *nix tools built as statically-linked binaries
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
Find, verify, and analyze leaked credentials
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.
The Most Advanced Client-Side Prototype Pollution Scanner
A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-wor…
Various webshells. We accept pull requests for additions to this collection.
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
π RuView: WiFi DensePose turns commodity WiFi signals into real-time human pose estimation, vital sign monitoring, and presence detection — all without a single pixel of video.
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Open source education content for the researcher community
Deliberately vulnerable banking app for CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) to learn, detect, and safely exercise React2Shell. Runs unpatched React 19.0.0 and Next.js 15.0.3.
Vulnerable React.js application designed for pentesting. It includes common web vulnerabilities such as NoSQL Injection, Cross-Site Scripting (XSS), Open Redirect, and Session Management Issues.
Sample images for testing Exif metadata retrieval.
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…