Top disclosed reports from HackerOne

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

tools created by me

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

This Repositories contains list of One Liners with Descriptions and Installation requirements

Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.

📜 Yet another collection of wordlists

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition

BugBoard: A comprehensive open-source cybersecurity tool for vulnerability detection and bug hunting.

A collection of one-liners for bug bounty hunting.

A simple bash script that downloads a collection of BChecks from various sources and consolidates them into a single directory.

Execute Trickest workflows right from your terminal

A fast, simple, recursive content discovery tool written in Rust.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Active Directory and Internal Pentest Cheatsheets

An insane list of all dorks taken from everywhere from various different sources.

Web Attack Cheat Sheet

Rockyou for web fuzzing

🐛 A list of writeups from the Google VRP Bug Bounty program

All In One Web Recon

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

The repo contains all the the notes, slides, and study material for my workshop at DEFCON 32 at the Bug Bounty Village