terjanq / Tiny-XSS-Payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

tomnomnom / assetfinder

Find domains and subdomains related to a given domain

qazbnm456 / awesome-web-security

🐶 A curated list of Web Security materials and resources.

m4ll0k / Atlas

Quick SQLMap Tamper Suggester

swisskyrepo / PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

LeeBrotherston / badflare

OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down

nccgroup / raccoon

Salesforce object access auditor

LewisArdern / bXSS

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

WangYihang / GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

ayoubfathi / leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to ...

J0o1ey / BountyHunterInChina

重生之我在安全行业讨口子系列,分享在安全行业讨口子过程中,SRC、项目实战的有趣案例

glebarez / padre

Blazing fast, advanced Padding Oracle exploit

s0md3v / uro

declutters url lists for crawling/pentesting

hahwul / WebHackersWeapons

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

iangcarroll / cookiemonster

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

seeu-inspace / easyg

Here I gather all the resources about hacking that I find interesting

digininja / CeWL

CeWL is a Custom Word List Generator

byt3hx / jsleak

jsleak is a tool to find secret , paths or links in the source code during the recon.

hakluke / weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1

r0075h3ll / Oralyzer

Open Redirection Analyzer

swisskyrepo / SSRFmap

Automatic SSRF fuzzer and exploitation tool

KishanBagaria / padding-oracle-attacker

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

reewardius / bbFuzzing.txt

julianjm / waf_bypadd

This Burp Suite extension is designed to bypass Web Application Firewalls (WAFs) by padding HTTP requests with dummy data.

iamadamdev / bypass-paywalls-chrome

Bypass Paywalls web browser extension for Chrome and Firefox.

maikypedia / ctf-webhub

snyk / socketsleuth

Burp Extension to add additional functionality for pentesting websocket based applications

almandin / fuxploider

File upload vulnerability scanner and exploitation tool.

dwisiswant0 / crlfuzz

A fast tool to scan CRLF vulnerability written in Go

streaak / keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.