Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Rockyou for web fuzzing

Write fuzzer with rust

A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning

Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Mind-Maps of Several Things

This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.

A Web Vulnerability Scanner and Patcher

Takes a list of URLs and returns their HTTP response codes

All about bug bounty (bypasses, payloads, and etc)

Automated Tool for Testing Header Based Blind SQL Injection

「🔑」A tool used to hunt down API key leaks in JS files and pages

jmreport/qurestSql 未授权SQL注入批量扫描poc Jeecg-Boot是一款基于Spring Boot和Jeecg-Boot-Plus的快速开发平台，最新的jeecg-boot 3.5.0 中被爆出多个SQL注入漏洞。

Chat automates Nuclei template generation

Ghat is a tool for updating your GitHub actions and Terraform with the latest version of it dependencies and using immutable hashes instead of mutable tags.

CVE-2023-34960 Chamilo PoC

This Repositories contains list of One Liners with Descriptions and Installation requirements

NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enumeration te…

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

autoreport generates bug report templates for security researchers

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

Google IP Search Engine

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)

Small, fast tool for performing reverse DNS lookups en masse.

Filter and enrich a list of subdomains by level

JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various extraction methods and provides additional options for file d…

🎯 Open Redirect Payload List