rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

Writeups for PortSwigger WebSecurity Academy

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

My useful files for penetration tests, security assessments, bug bounty and other security related stuff

All about bug bounty (bypasses, payloads, and etc)

IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io

Little Bug Bounty & Hacking Tools⚔️

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Remove duplicate urls from input

EPSS & VEDAS Score Aggregator for CVEs

This script grab public report from hacker one and make some folders with poc videos

HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite

SSRF (Server Side Request Forgery) testing resources

Collection of methodology and test case for various web vulnerabilities.

Gospider - Fast web spider written in Go

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

You Know, For WEB Fuzzing ! 日站用的字典。

The Web Application Hacker's Handbook - Extra Content

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

A list of useful payloads for Web Application Security and Pentest/CTF

Default signature for Jaeles Scanner

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

w3af: web application attack and audit framework, the open source web vulnerability scanner.