A cloudflare verification bypass script for webscraping

Top disclosed reports from HackerOne

A tool to find cloud buckets from Domains and Subdomains using Google, DNS, Gray Hat Warfare and all might Scraping

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

Obtain GraphQL API schema even if the introspection is disabled

XENA is Cross-Platform Software for Cyber-Security Automation, Adversary Simulations, and Red Team Operations. XENA strives to be fully integrated security penetration testing framework. It is equi…

Legitimate bug bounty programs value ethical practices and provide clear rewards to researchers for identifying security flaws

All the labs in this repository simulate real world bugs I found in the wild

Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.

A curated list of blockchain security Capture the Flag (CTF) competitions

workflow for testing broken access control

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

sqlmap Discord Webhook Addition

Powerful JavaScript bookmarklet designed for discovering and analyzing endpoints embedded in JavaScript files across various domains

A cheat sheet that contains advanced queries for SQL Injection of all types.

Insecure Firebase | Bugbounty | Hacking Insecure Firbase

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "wr…

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Attack surface detector that identifies endpoints by static analysis

MY METHODS

A handy phone call manager with phonebook, number blocking and multi-SIM support that uses truecaller to display the name of the caller.

Tool for automating bash cleanup tasks with cron jobs 🧹✨

Web Application Security Scanner Framework

Python based Discord bot Which allows you to run tools like nmap and amass from discord

A Python3 based C2 server to make life of red teamer a bit easier. The payload is capable to bypass all the known antiviruses and endpoints.

Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境

Files and Programs for UAV and Drone Cybersecurity Workshop

AI assistant that utilizes GPT language models to interpret and generate cybersecurity payloads 🪄