Accept URLs on stdin, replace all query string values with a user-supplied value

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Convert API descriptions between popular formats such as OpenAPI(fka Swagger), RAML, API Blueprint, WADL, etc.

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

This repository contains Bug Bounty writeups

A tool for monitoring bug bounty programs across multiple platforms to track scope changes.

Store all the latest Medium Articles by specific tags for the Bug Bounty hunting and Security filed and Notify on the Discord server

This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL

Dump all available paths and/or endpoints on WADL file.

The Simple Agent Development Kit.

Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database

⛷ Lightweight Markdown app to help you write great sentences. 轻灵的 Markdown 笔记本伴你写出妙言

Depix is a PoC for a technique to recover plaintext from pixelized screenshots.

Sub-Domain TakeOver Vulnerability Scanner (edoardottt fork)

A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily

SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader

"AI-Trader: Can AI Beat the Market?" Live Trading Bench: https://hkuds.github.io/AI-Trader/

the LLM vulnerability scanner

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

XSS payloads for exploiting Markdown syntax

A dataset containing Office 365 Unified Audit Logs for security research and detection

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Install and Run Python Applications in Isolated Environments

Audit tool for Active Directory. Automates a lot of checks from a pentester perspective.

OneForAll是一款功能强大的子域收集工具

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

Official git repo for iodine dns tunnel

Ready to go Phishing Platform