ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

a hackbot proof-of-concept

A simple SSRF-testing sheriff written in Go

@Ethiack CLI Utility

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

🚀 Caido releases, wiki and roadmap

Deserialization payload generator for a variety of .NET formatters

Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes

A proposed standard that allows websites to define security policies.

CYBERSEC - A Cybersecurity Discord Bot

Driller: augmenting AFL with symbolic execution!

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regard…

Evil client portion of EAP relay attack

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

A high performance TCP SYN port scanner.

Generate artistic QR code. 🎨

Community curated list of templates for the nuclei engine to find security vulnerabilities.

A static analysis security vulnerability scanner for Ruby on Rails applications

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Experimental fuzzer for PHP libraries

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

🤖 Slack bot for challenge management in large teams 🤖

A python script that finds endpoints in JavaScript files

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.