Golang tool which helps dropping the irrelevant entries from your ffuf result file.

FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Covenant is a collaborative .NET C2 framework for red teamers.

Tools and Techniques for Red Team / Penetration Testing

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Demo of API key cracking using a timing attack

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

API Security Vulnerability Scanner designed to help you secure your APIs.

List of every possible vulnerabilities in computer security.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Hardware design files for TSGP Studio's Flipper Zero ESP32 Marauder&NRF24&CC1101 3 IN 1 board

Local File Inclusion discovery and exploitation tool

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Automation of tokens/api keys testing.

Nuclei templates for K8S security scanning

Crawl a site to generate knowledge files to create your own custom GPT from a URL

NucleiScanner is a Powerful Automation tool for detecting Unknown Vulnerabilities in the Web Applications

A amplification/reflector scanner with CIDR support. Used for finding vulnerable protocols on your network commonly used by attackers to launch DrDoS attacks.

Calculate favicon hash for SHODAN

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate re…

A next-generation crawling and spidering framework.

Static Analyzer for Solidity and Vyper

Static solidity smart contracts scanner written in Python

Asset inventory of over 800 public bug bounty programs.

Find all libraries on cdn.js that pollute your prototype

Burp Suite extension that offers a toolkit for testing GraphQL endpoints.