Log4Shell / Log4J Payload - CVE-2021-45046 and CVE-2022-42889

Google Aiza API Scanner

♥ gOd fAtHEr oRwA

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

Asset inventory of over 800 public bug bounty programs.

this repo contains all types of pdf exploits..

Free 2D symbols for computer network diagrams

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Scrapts Scrapts Scrapts

how to look for Leaked Credentials !

Extract JavaScript source trees from Sourcemap files

This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

40,000+ Nuclei templates for security scanning and detection across diverse web applications and services

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

List of API's for gathering information about phone numbers, addresses, domains etc

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Conference slides