🎯 XML External Entity (XXE) Injection Payload List

GUI for apktool, signapk, zipalign and baksmali utilities.

Latest CVEs with their Proof of Concept exploits.

A collection of my Frida instrumentation scripts for reverse engineering of mobile apps and more.

Security Auditor Utility for GraphQL APIs

🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program

web cache deception detect

Secrets Ninja is an GUI tool for validating & investigating API keys discovered during pentesting & bug bounty hunting.

HackerOne Notifier is an automated bot that monitors new programs launched on HackerOne and sends Telegram Bot notifications whenever a new program is detected. The process is fully automated using…

Never forget where you inject.

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Firebase Misconfiguration Detection Toolkit - To be presented at Blackhat EU Arsenal

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "wr…

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, KMS38, and Online KMS activation methods, along with advanced troubleshooting.

Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.

Community curated list of search queries for various products across multiple search engines.

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v…

Header Exploitation HTTP

JSON Web Token Hack Toolkit

GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.

A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, ...). Including asynchronous networking support.

A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.

E-mails, subdomains and names Harvester - OSINT

Dorks Eye Google Hacking Dork Scraping and Searching Script. Dorks Eye is a script I made in python 3. With this tool, you can easily find Google Dorks. Dork Eye collects potentially vulnerable web…

MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

High-Performance JavaScript Security Scanner - Process 1M URLs in ~5 hours with Telegram & Discord bot integration, Docker support, and comprehensive workflow automation