An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability

Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.

CeWL is a Custom Word List Generator

A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug h…

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

World's fastest and most advanced password recovery utility

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

A stunning, functional and responsive retractable sidebar for Next.js built on top of shadcn/ui.

Malware Configuration And Payload Extraction

403/401 Bypass Methods + Bash Automation + Your Support ;)

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect

🎯 SQL Injection Payload List

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Nginx configuration static analyzer

A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles

Create tar/zip archives that can exploit directory traversal vulnerabilities

Diff, match and patch text in Go

Anonymous MiniApp Messenger Powered By E2E Encryption (AES + RSA)

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

✨ A framework-agnostic tool that converts any layout into a drag-to-swap one with just a few lines of code https://swapy.tahazsh.com/