🎯 Open Redirect Payload List

ShodanX is a tool to gather information of targets using shodan dorks⚡.

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

Advanced SQL Injection Techniques for Bug Bounty Hunters

Unleash the power of cloud

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Virtual machines for iOS and macOS

Herramienta ideal para el despliegue automatizado de un Rogue AP con capacidad de selección de plantilla + 2FA. No requiere de conexión cableada.

Herramienta hecha en Bash ideal para automatizar ataques WiFi (WPA/WPA2 - PSK) destinados a la obtención de la contraseña.

A collection of fun Flutter experiments, created by gskinner, in partnership with Google.

Here you can find write ups for iOS Vulnerabilities that have been released.

A Tool for Domain Flyovers

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Next generation web scanner

E-mails, subdomains and names Harvester - OSINT

Extract JavaScript source trees from Sourcemap files

A python script that finds endpoints in JavaScript files

A tool for adding new lines to files, skipping duplicates

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo…

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Fetch all the URLs that the Wayback Machine knows about for a domain

A Very Good Command-Line Interface for Dart created by Very Good Ventures 🦄

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

Automatic SSRF fuzzer and exploitation tool

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…