PowerSploit - A PowerShell Post-Exploitation Framework

SSL bypass check

List of Directory Traversal/LFI Payloads Scraped from the Internet

Disclo is a script that searches for keywords in PDF files.

Use google dork to search and download easy as gf!

The Rogue Access Point Framework

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets

APKx is a high-performance tool written in Go for scanning Android APK files to discover sensitive information like URIs, endpoints, and secrets. It's inspired by APKLeaks but reimplemented in Go w…

Here are some cool and some unpublished Dorks

Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.

A fast, minimalist and responsive hugo theme for bloggers.

Injectra is a Python-based tool for injecting custom payloads into various file types using their magic numbers. It supports file types like zip, rar, docx, jpg, and more, allowing for customizable…

AI Crash Course to help busy builders catch up to the public frontier of AI research in 2 weeks

Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous …

Scan for misconfigured S3 buckets across S3-compatible APIs!

Automate Recon XSS Bug Bounty

An enhanced OWASP Testing Guide v4.2 with tips, tricks, and new vulnerabilities not in the OWASP list. Features modular testing, actionable examples, and real-world scenarios for beginners and adva…

Not so awesome Web3 Security Reasearcher roadmap by tpiliposian

The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.

🔍 Overwatch is an automated vulnerability scanning and notification bash wrapper designed for continuous monitoring and reporting of 🛡️ critical and ⚠️ high-severity findings. It leverages Axiom, S…

Get ChatGPT/GitHub Copilot suggestions in your zsh prompt

curation of all(most) immunefi bug bounty writeups I could find(till now)

Information about web3 security and programming tutorials/tools

Collection of awesome LLM apps with AI Agents and RAG using OpenAI, Anthropic, Gemini and opensource models.

Scrappy bot army that automates web3 bug hunting workflows.

YouTube Music Desktop App bundled with custom plugins (and built-in ad blocker / downloader)

Prompt Injection Primer for Engineers

Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code

Testing TLS/SSL encryption anywhere on any port