♥

OneShot-Extended (WPS penetration testing utility) is a fork of the tool with extra features

A Workflow Engine for Offensive Security

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

Uncover the true IP address of websites safeguarded by Cloudflare & Others

End-to-End Encrypted Messaging via GitHub Gists

Generate an undetectable PE ( .exe ), which bypasses windows defender / AV

Track the GPS location of the user's smartphone or PC and capture a picture of the target, along with IP and device information.

A Bash script for automated nuclei dast scanning by using passive urls

DNS-Blocklists: For a better internet - keep the internet clean!

Faster Tool Google Dorking & high-performance with Golang, designed for automated search engine querying using custom search dorks and rotating proxies.

best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect

An insane list of all dorks taken from everywhere from various different sources.

CVE-2024-44258

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Rockyou for web fuzzing

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.

Scripts that make SQL injection faster, more convenient, and easier

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts).

A curated list wordlists for bruteforcing and fuzzing

Information gathering framework for phone numbers