Stars
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
Open-source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, along with advanced troubleshooting.
jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice
A fancy self-hosted monitoring tool
NucleiFuzzer is a powerful automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in web applications
A list of public penetration test reports published by several consulting firms and academic security groups.
Small tool to automate SSRF WordPress and XMLRPC finder
🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.
jsleak is a tool to find secrets, paths or links in the source code during recon.
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
A collection of one-liners for bug bounty hunting.
A collection of awesome one-liner scripts especially for bug bounty tips.
GF Patterns for (ssrf, RCE, Lfi, sqli, ssti, idor, url redirection, debug_logic, interesting Subs) parameters grep
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
Gospider - Fast web spider written in Go
Distributed malware processing framework based on Python, Redis and S3.
A Python tool to check subdomain takeover vulnerability
Automatic SQL injection and database takeover tool
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
Asset inventory of over 800 public bug bounty programs.
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.