A cross-platform note-taking & target-tracking app for penetration testers.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Work in progress...

Work in progress...

SRCMS企业应急响应与缺陷管理系统

A deep look at some recon methodologies and web-application vulnerabilities of my interest where I will merge all my notes gathered from books, videos, articles and own experience with bug bounty hunting / web and network hacking

A Tool for Domain Flyovers

One-click installer for Frida and Burp certs for SSL Pinning bypass

Phishing mobile application made in React Native for both Android and iOS devices.

High performance, distributed port scanner for mostly bugbounty. Fast by FastAPI.

A tool to check for response status codes with ease

This search engine automates the discovery of sensitive information using customized dorks across GitHub, Google, and Shodan.

A tool to notify you of the latest changes in bug bounty programs.

Use this tool, to inspect postMessages between different tabs and popups. You can use this to find juicy XSS!

Rebujito is a fork of IppSec.Rocks and serves as a repo for hacking tools and other resources such as vulnerable apps, cheatsheets or methodologies.

Fetch all the URLs that the Wayback Machine knows about for a domain

Repeatable, immutable, and scalable security research w/ Docker

bookmark for javascript endpoint extractor

ffuf-GUI is a web-based fuzzing tool inspired by ffuf, designed for penetration testing and security assessments. It provides a user-friendly interface to automate fuzzing tasks directly from a browser, supporting GET, POST, and custom header injections. With real-time results, response filtering, and exportable reports, ffuf-GUI is an efficient to

This HTML file creates a CSRF PoC form to any HTTP request.