Stars
ShodanX is a tool to gather information of targets using shodan dorks⚡.
🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.
Advanced SQL Injection Techniques for Bug Bounty Hunters
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Herramienta ideal para el despliegue automatizado de un Rogue AP con capacidad de selección de plantilla + 2FA. No requiere de conexión cableada.
Herramienta hecha en Bash ideal para automatizar ataques WiFi (WPA/WPA2 - PSK) destinados a la obtención de la contraseña.
A collection of fun Flutter experiments, created by gskinner, in partnership with Google.
Here you can find write ups for iOS Vulnerabilities that have been released.
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
E-mails, subdomains and names Harvester - OSINT
Extract JavaScript source trees from Sourcemap files
A python script that finds endpoints in JavaScript files
A tool for adding new lines to files, skipping duplicates
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo…
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Fetch all the URLs that the Wayback Machine knows about for a domain
A Very Good Command-Line Interface for Dart created by Very Good Ventures 🦄
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Automatic SSRF fuzzer and exploitation tool
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…