Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to…

Go 533 81 Updated Apr 10, 2022

nccgroup / VCG

VisualCodeGrepper - Code security scanning tool.

Visual Basic .NET 537 117 Updated Jul 6, 2023

ihebski / DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Python 6,049 726 Updated Apr 15, 2025

jhaddix / SubreconGPT

Python 105 22 Updated May 25, 2023

blacklanternsecurity / bbot

The recursive internet scanner for hackers. 🧡

Python 8,349 653 Updated Apr 23, 2025

BishopFox / cloudfox

Automating situational awareness for cloud penetration tests.

Go 2,084 199 Updated Mar 13, 2025

xhzeem / paramix

Paramix is a command-line tool for modifying the parameters of a list of URLs from stdin and returns them in stdout.

Go 16 2 Updated Aug 23, 2024

pry0cc / ProxyDock

ProxyDock is a Dockerfile and Bash script that converts your OpenVPN files into local proxies.

Python 138 26 Updated Feb 20, 2020

kiranreddyrebel / PostMessage_Fuzz_Tool

#BugBounty #BugBounty Tools #WebDeveloper Tool

JavaScript 37 8 Updated Oct 11, 2019

evyatarmeged / Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Python 3,167 412 Updated Jun 4, 2024

GitGuardian / ggshield

Detect and validate 400+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

Python 1,744 155 Updated Apr 23, 2025

APTRS / APTRS

Automated pentest reporting with custom Word templates, project tracking, and client management tools. Streamline your security workflows effortlessly!

TypeScript 966 115 Updated Apr 10, 2025

ayoubfathi / leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

971 156 Updated Jun 24, 2024

fuzzdb-project / fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

PHP 8,495 2,122 Updated Nov 10, 2023

bayotop / off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

Python 259 35 Updated Nov 18, 2021

minamo7sen / burp-JS-Miner

This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.

Java 56 20 Updated May 30, 2023

cnotin / burp-scan-manual-insertion-point

Burp Suite Pro extension

Java 10 5 Updated May 26, 2017

moeinfatehi / Admin-Panel_Finder

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

Java 118 20 Updated Jun 16, 2022

akabe1 / OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security

Java 173 26 Updated Oct 26, 2024

PortSwigger / oauth-scan

Forked from akabe1/OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security

Java 187 5 Updated Dec 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

0xtavi 0xtavi

Achievements

Achievements

Block or report 0xtavi

Stars

jehna / humanify

xajkep / wordlists

xm1k3 / cent

mllamazares / vulncov

iustin24 / chameleon

h4x0r-dz / Leaked-Credentials

owasp-noir / noir

insidersec / insider