QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.

🔒 A collection of cheatsheets for various infosec tools and topics.

Checklist of the most important security countermeasures when designing, testing, and releasing your API

💣 Impulse Denial-of-service ToolKit

ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!

List of API's for gathering information about phone numbers, addresses, domains etc

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb

OSCP

📜 A collection of wordlists for many different usages

Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

OSINT open-source tools catalog

Clone a voice in 5 seconds to generate arbitrary speech in real-time

Recon script that searches for subdomains taking advantage of data sources such as: BufferOver.run, Crt.sh, CertSpotter, JLDC, RapidDNS.io, Riddler.io, Sonar.Omnisint.io, Synapsint.com

Hashing big file with FileReader JS

A OSINT tool to obtain a target's phone number just by having his email address

19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNE…

Core and web app for Proof of Existence - the original blockchain notary service

A collection of awesome penetration testing resources, tools and other shiny things

The labs for my Udemy course (https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec)

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

Chrome extension to alert and possibly block IDN/Unicode websites and zero-day phishing websites using AI and Computer Vision.

Rubber Ducky with arduino uno

Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

🎤⌨️ Acoustic keyboard eavesdropping