🕵️‍♂️ All-in-one OSINT tool for analysing any website

Find web directories without bruteforce

Download a large file from Google Drive (curl/wget fails because of the security notice).

It's a vulnerability scanner tool for test Apache Path Traversal 👾

Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework

This repository contains resources to learn blockchain technologies and blockchain hacking.

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

Some simple scripts that I use during bug bounty hunting in Android Apps

A repository to host the subdomain wordlists from my blog https://medium.com/@nynan/what-i-learnt-from-reading-217-subdomain-takeover-bug-reports-c0b94eda4366

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

Most usable tools for iOS penetration testing

⚙️ A curated list of dynamic analysis tools for all programming languages, binaries, and more.

Ansible Playbook for setting up cPanel and CoudLinux Servers. Compatible with CentOS 6 and 7

High-performance load testing tool, written in Golang.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Ethereum recon and exploitation tool.

Scans tcl for command injection

A python script that finds endpoints in JavaScript files

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

External Network Pentest Automation using Shodan API and other tools.

Collection of the most common vulnerabilities found in iOS applications

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…

Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.

Curated list of public penetration test reports released by several consulting firms and academic security groups

Visualize Solidity control flow for smart contract security analysis. 💵 ⇆ 💵