A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

wordlists for password cracking

Persistent Linux 'jails' on TrueNAS SCALE to install software (k3s, docker, portainer, podman, etc.) with full access to all files via bind mounts thanks to systemd-nspawn!

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

🐬 A collection of awesome resources for the Flipper Zero device.

Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.

MOVEit CVE-2023-34362

an IIS shortname Scanner

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities

Automated All-in-One OS Command Injection Exploitation Tool.

Wi-Fi Exploitation Framework

⚠️ This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

AWSGoat : A Damn Vulnerable AWS Infrastructure

Making Favicon.ico based Recon Great again !

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

ALL IN ONE Hacking Tool For Hackers

SQL Translator is a tool for converting natural language queries into SQL code using artificial intelligence. This project is 100% free and open source.

Scanning APK file for URIs, endpoints & secrets.

Automated Security Testing For REST API's

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for diff…

POC for CVE-2022-39952

Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.

Katana - Automatic CTF Challenge Solver in Python3

The ZAP by Checkmarx Core project