Stars
Grafana Unauthorized arbitrary file reading vulnerability
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Free Introduction to Bash Scripting eBook
Extract credentials from lsass remotely
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
403/401 Bypass Methods + Bash Automation + Your Support ;)
Small but effective wordlist for brute-forcing and discovering hidden things.
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
List of GitHub repositories and articles with lists of dorks for different search engines
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
Powerful mutable web directory fuzzer to bruteforce existing and/or hidden files or directories.
🔪 Leak git repositories from misconfigured websites
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea…
Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
A collection of awesome one-liner scripts especially for bug bounty tips.
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Menubar Tool to set Charge Limits and Prolong Battery Lifespan