The Magic Mask for Android

an android OTA payload dumper written in Go

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

A curated collection of best Android Root Apps (Apps that use root permission), Magisk modules, LSPosed modules and comprehensive rooting & troubleshooting guides.

Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3

A tool for automatically change the Tor IP address over time. Maximize anonymity!

his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attac…

A Collection of Android Pentest Learning Materials

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

A big list of Android Hackerone disclosed reports and other resources.

Android Bug Hunting

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security s…

Collect real-time orderbook, trade and other HFT data from several crypto exchanges using WebSocket connections.

StoneKeeper C2, an experimental EDR evasion framework for research purposes

Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages

An automated web reconnaissance tool that delivers your essential tools directly through Discord for effortless access.

This BurpSuite extension integrates BLACKBIRD Web App Pentesting Suite with Burpsuite, allowing you to seamlessly scan your targets for various security vulnerabilities directly from your Burp Suit…

pdf svg xss payload

FOFAX是一个基于fofa.info的API命令行查询工具

Flashloan arbitrage bot built using javascript, hardhat and solidity. Compares the messari subgraphs for data trading pairs which are likely to have arbitrage opportunity. Subject to liquidity in t…

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

PathPicker accepts a wide range of input -- output from git commands, grep results, searches -- pretty much anything. After parsing the input, PathPicker presents you with a nice UI to select which…

Advanced SQL Injection Techniques for Bug Bounty Hunters

Python training for business analysts and traders

Simple machine learning based web application firewall (WAF) created in python

A Spotify player in the terminal with full feature parity