Stars
Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
Sharing some info around job offers and interview preparation
The EXCLUSIVE Collection of 50,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Fast and configurable TLS grabber focused on TLS based data collection.
Go CLI and Library for quickly mapping organization network ranges using ASN information.
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Top disclosed reports from HackerOne
Scan for misconfigured S3 buckets across S3-compatible APIs!
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
Tips and Tutorials for Bug Bounty and also Penetration Tests.
API Security Project aims to present unique attack & defense methods in the API Security field
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Find, verify, and analyze leaked credentials
Enumerate old versions of robots.txt paths using Wayback Machine for content discovery
A simple tool that helps to find assets/domains based on the Google Analytics ID.
Enumerate the permissions associated with AWS credential set
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
This is an adaptation of tomnomnom's kxss tool with a different output format
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
Burp Extension that copies a request and builds a FFUF skeleton
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
fuzzuli is a URL fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.