BChecks collection for Burp Suite Professional

Automatic SSTI detection tool with interactive interface

A curated list of various bug bounty tools

⚡ XSSuccessor is a powerful, asynchronous Cross-Site Scripting (XSS) detection tool.

🪄 XSSDynaGen is a tool designed to analyze URLs with parameters, identify the characters allowed by the server, and generate advanced XSS payloads based on the analysis results.

subdomain bruteforce list

Go script for bypassing 403 forbidden

HTTP parameter discovery suite.

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v…

A Firefox Web Extension to improve the discovery of DOM XSS.

Complete list of LPE exploits for Windows (starting from 2023)

Extract and execute a PE embedded within a PNG file using an LNK file.

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), ar…

A wordlist of API names for web application assessments

A collection of malwares found on the internet.

Collection of Cyber Threat Intelligence sources from the deep and dark web

Zimbra - Remote Command Execution (CVE-2024-45519)

Evasive shellcode loader

A simple tool for bypassing file upload restrictions.

a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http …

Contextual Content Discovery Tool

Client-Side Prototype Pollution Tools

Prototype Pollution and useful Script Gadgets

Content-Type Research

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

hexadecimal & URL encoder + decoder