Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to…

Go 553 82 Updated Apr 10, 2022

nccgroup / VCG

VisualCodeGrepper - Code security scanning tool.

Visual Basic .NET 543 118 Updated Jul 6, 2023

ihebski / DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Python 6,341 755 Updated Nov 6, 2025

jhaddix / SubreconGPT

Python 111 24 Updated May 25, 2023

blacklanternsecurity / bbot

The recursive internet scanner for hackers. 🧡

Python 9,228 761 Updated Dec 19, 2025

BishopFox / cloudfox

Automating situational awareness for cloud penetration tests.

Go 2,257 214 Updated Dec 17, 2025

xhzeem / paramix

Paramix is a command-line tool for modifying the parameters of a list of URLs from stdin and returns them in stdout.

Go 17 2 Updated Aug 23, 2024

pry0cc / ProxyDock

ProxyDock is a Dockerfile and Bash script that converts your OpenVPN files into local proxies.

Python 136 26 Updated Feb 20, 2020

kiranreddyrebel / PostMessage_Fuzz_Tool

#BugBounty #BugBounty Tools #WebDeveloper Tool

JavaScript 38 8 Updated May 17, 2025

evyatarmeged / Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Python 3,278 420 Updated Jun 10, 2025

GitGuardian / ggshield

Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

Python 1,890 180 Updated Dec 18, 2025

APTRS / APTRS

Automated pentest reporting with custom templates, project tracking, customer dashboard and client management tools. Streamline your security workflows effortlessly!

TypeScript 1,054 131 Updated Dec 3, 2025

ayoubfathi / leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

1,005 157 Updated Jun 24, 2024

fuzzdb-project / fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

PHP 8,756 2,126 Updated Nov 10, 2023

bayotop / off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

Python 264 36 Updated Nov 18, 2021

minamo7sen / burp-JS-Miner

This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.

Java 56 25 Updated May 30, 2023

cnotin / burp-scan-manual-insertion-point

Burp Suite Pro extension

Java 11 5 Updated May 26, 2017

moeinfatehi / Admin-Panel_Finder

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

Java 122 22 Updated Jun 16, 2022

akabe1 / OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security

Java 174 26 Updated Oct 26, 2024

PortSwigger / oauth-scan

Forked from akabe1/OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security

Java 192 5 Updated Dec 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

0xtavi 0xtavi

Achievements

Achievements

Block or report 0xtavi

Stars

jehna / humanify

xajkep / wordlists

xm1k3 / cent

mllamazares / vulncov

iustin24 / chameleon

h4x0r-dz / Leaked-Credentials

owasp-noir / noir

insidersec / insider