Starred repositories
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
Python based scanner to find potential SSRF parameters
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
「🔑」A tool used to hunt down API key leaks in JS files and pages
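Enhanced BurpGPT is a powerful Burp Suite plugin. By analyzing specified HTTP requests and responses, it helps security testers discover potential security vulnerabilities more quickly.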
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Scanning APK file for URIs, endpoints & secrets.
This challenge is Inon Shkedy's 31 days API Security Tips.
Weaponize Your Burp is a repository for automating your Bug Bounty Hunting mindset in Burp Suite
xnl-h4ck3r / auto-repeater
Forked from PortSwigger/auto-repeater
Automated HTTP Request Repeating With Burp Suite
A curated list of smart contract attack vectors
A collection of smart contract vulnerabilities along with prevention methods
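dddd is an easy-to-use tool for bulk information gathering and supply-chain vulnerability detection, designed to optimize red team workflows and reduce exhausting, mechanical manual work. Supports pulling targets in bulk from Hunter and Fofa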
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
This repository contains a list of one-liners with descriptions and installation requirements
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
A modern tool written in Python that automates your xss findings.
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.
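Backup of the official ARL repository: ARL (Asset Reconnaissance Lighthouse) is a system designed to quickly reconnoiter the internet assets associated with a target and build a basic asset information database. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and discover existing weak points and attack surface.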
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
A tool for adding new lines to files, skipping duplicates