Project Zero Docs and Tools

A JavaScript Engine Fuzzer

An step by step fuzzing tutorial. A GitHub Security Lab initiative

How to write a very simple JIT compiler

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).

Most of the Google Acquisitions for Bug Bounty Hunter.

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Security Testing Scripts for JWT

Quickly Search Large DNS Datasets

A Go library for making HTTP requests with complete control

How to exploit a double free vulnerability in 2021. Use After Free for Dummies

A games launcher for GOG, Amazon and Epic Games for Linux, Windows and macOS.

Automation for javascript recon in bug bounty.

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…

Cgo binding for Snowball C library

Word Stemming in Go

📖 A Golang library for text processing, including tokenization, part-of-speech tagging, and named-entity extraction.

BBT - Bug Bounty Tools (examples💡)

Go library for connecting to CertStream

A Tool for Domain Flyovers

An open source multi-tool for exploring and publishing data

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Voxel plugin for the Godot game engine!

Enumerate the permissions associated with AWS credential set

Contextual Content Discovery Tool

XSS payloads for exploiting Markdown syntax

A rapid API for the Project Sonar dataset

Golang client for querying SecurityTrails API data