A tool for testing for certificate validation vulnerabilities of TLS connections made by a client device or an application.

Gotta go fast

Differential fuzzing REPL for HTTP implementations.

Pre-Built Vulnerable Environments Based on Docker-Compose

⭐️ Let's turn this readme into a galaxy of stars!

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

A collection of Server-Side Prototype Pollution gadgets and exploits

What the f*ck Python? 😱

🤪 A list of funny and tricky JavaScript examples

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

APK downloader from few sources

The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.

A toy compiler that can convert Python scripts 🐍 to pickle bytecode 🥒

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

🤖🏴‍☠️ radare2 plugin for GPT-4 🦜. Solve crackmes automatically 🪄

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

A projectdiscovery driven attack surface monitoring bot powered by axiom

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services

The main goal of this repo is to learn about the gRPC communication patterns and hunt for vulnerabilities in the gRPC-Web app to improve your hunting skills

Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.

sorted russian names/surnames wordlists

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Fuzz WebSockets with custom Python code

Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool!

A simple plugin to export JS files from one or multiple targets

For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)

Extract JavaScript source trees from Sourcemap files

Prompt Injection Primer for Engineers