Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

A repository of JavaScript XSS attacks against client browsers

Search WiFi geolocation data by BSSID and SSID on different public databases.

Binary instrumentation framework based on FRIDA

PHP Webshell with handy features

WhiteWinterWolf's PHP web shell

This module configures the chrome flag --ignore-certificate-errors-spki-list, this bypasses the NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED cert error produced by Certificate Transparency (CT) intro…

🤱🏻 Turn any webpage into a desktop app with Rust. 🤱🏻 利用 Rust 轻松构建轻量级多端桌面应用

A repository with 3 tools for pwn'ing websites with .git repositories available

GitHub Data Analysis Framework.

The recursive internet scanner for hackers. 🧡

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

Tool to find and extract credentials from phone configuration files hosted on CUCM

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

A python script to scan for Apache Tomcat server vulnerabilities.

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Generates millions of keyword-based password mutations in seconds.

Network penetration testing toolset wrapper

A DNS tunnel utilizing the Burp Collaborator

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

Quick SQLMap Tamper Suggester

Finding all things on-prem Microsoft for password spraying and enumeration.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Full Nuclei automation script with logic explanation.