XSS payloads designed to turn alert(1) into P1

This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL

Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

Exploit for the vulnerability CVE-2024-43044 in Jenkins

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Automation for javascript recon in bug bounty.

Broken Link Hijacking Burp Extension

Next generation web scanner

Generates permutations, alterations and mutations of subdomains and then resolves them

Analyze the security of any domain by finding all the information possible. Made in python.

The Zonemaster Project

Given a domain, will tell you the decisions that the domain owner has made.

A tool to link a domain with registered organisation names and emails, to other domains.

Fast and customizable subdomain wordlist generator using DSL

Contextual Content Discovery Tool

Auto Recon Bash Script

ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

This repository contains all the supplement material for the book "The art of sub-domain enumeration"

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Recursive DNS Subdomain Enumerator with dead-end avoidance system (BETA)

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

A script to enumerate virtual hosts on a server.

Web path scanner

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

A script to extract domain names from Content Security Policy(CSP) headers