A curated collection of DFIR skills and workflows for InfoSec practitioners.

SecHub provides a central API to test software with different security tools.

NeuroSploitv2 is an advanced, AI-powered penetration testing framework designed to automate and augment various aspects of offensive security operations. Leveraging the capabilities of large langua…

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

files and documentation related to thie cybershujaa qa mentor sessions

The Template Injection Playground allows to test a large number of the most relevant template engines for template injection possibilities.

JSBerg is a fast and efficient URL scraper that extracts links, JavaScript files, CSS files, images, and inline URLs from a list of websites.

Electron JS Browser To Find XSS Vulnerabilities Automatically

A cheatsheet for exploiting server-side SVG processors.

Intelligent web vulnerability analysis suite leveraging Generative AI for developers, pentesters, and security researchers.

This is the repository for indicators of compromise (IOCs) and other data for threat intelligence articles posted on the Palo Alto Networks Unit 42 website.

Steganography in Twitter using retweets

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

🚀 A lightweight, framework-agnostic database migration tool.

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Android Testing Platform Setup Tool (ATPST) is a small script i wrote that semi-automated the prcoess of setting up Genymotion, frida, adb and bypassing Android Trustmanger when conducting security…

A curated list of cloud pentesting resource, contains AWS, Azure, Google Cloud

FFmpeg Assembly Language Lessons

This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed …

Contextual Content Discovery Tool

AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.

A command-line utility designed to recursively spider webpages for URLs. It works by actively traversing websites - following links embedded in webpages, parsing resources like sitemaps and robots.…

Command line tool for testing CRLF injection on a list of domains.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

A tool for inspecting and analyzing mobile application storage files.

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Ultimate List Of Bug Bounty Tools