Stars
I've built with Stripe for years. This is how I do it without going mad.
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Useful "Match and Replace" burpsuite rules
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Latest version of scanners for IIS short filename (8.3) disclosure vulnerability
Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)
CLI for adding customizable and re-usable chat components to your applications. Build beautiful chat interfaces in minutes.
Promise based HTTP client for the browser and node.js
React notification made easy 🚀 !
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
A wordlist framework to fulfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
XSS payloads designed to turn alert(1) into P1
irsdl / BChecks
Forked from PortSwigger/BChecks
BChecks collection for Burp Suite Professional
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.
OWASP / AppSec-Browser-Bundle
Forked from zsenda/STeBB
The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web …
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A big list of Android Hackerone disclosed reports and other resources.
A collection of awesome one-liner scripts especially for bug bounty tips.
Nuclei Templates Collection