This script is intended to automate your reconnaissance process in an organized fashion

Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.

An LLM-powered knowledge curation system that researches a topic and generates a full-length report with citations.

YesWeHack Api Extension for Burp

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.

A tool for adding new lines to files, skipping duplicates

A terminal image and video viewer.

Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection

Potentially dangerous files

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a rang…

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Python wrapper for ysoserial-all.jar that makes exploiting Java deserialization much easier

A fast and minimal JS endpoint extractor

Fast passive subdomain enumeration tool.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Real-world infosec wordlists, updated regularly

This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

Never ever ever use pixelation as a redaction technique

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

🐍 The official Python client library for Google's discovery based APIs.

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

Additional active scan checks for BURP

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Extract urls from text

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across …

Custom Trickest Workflows