Community curated list of templates for the nuclei engine to find security vulnerabilities.

A container repository for my public web hacks!

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

A DNS rebinding attack framework.

Sleepy Puppy XSS Payload Management Framework

A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform

secureCodeBox (SCB) - continuous secure delivery out of the box

Web Component extending IFrame to bypass X-Frame-Options: deny/sameorigin

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

DNS Rebinding Exploitation Framework

Network footprint scanner platform. Discover domains and run your custom checks periodically.

Change monitoring app that checks the content of web pages in different periods.

Continuous monitoring for JavaScript files

BountyDash is a tool to combine your rewards from all platforms, giving you insights about your progress and bug hunting patterns.

The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web …

Extract relative urls from a heap snapshot

A web application for generating custom XSS payloads

Assorted tools for security-related task for git repositories

Extensive code infrastructure for finding unintended information leaks in files, git repositories and much more.

Google Chrome Extension automates testing fundamental Web Problems via Chrome

Continuous external monitoring and vulnerability scanning for organization assets

Dora the DNS explorer and Swiper: DNS data exfiltration made easy