Stars
HTTPLeaks - All possible ways, a website can leak HTTP requests
davidkevork / reverse-sourcemap
Forked from paazmaya/shuji🔭 Reverse engineering JavaScript and CSS sources from sourcemaps
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage tracker.
BackupFinder discovers backup files on web servers by generating intelligent patterns.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Automated GitHub secret scanning with smart alerting & monitoring.
Fast exfiltration of text using only CSS and Ligatures
A Burp extension to Fuzz URLs for HTTP parser inconsistencies
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
A simple script just made for self use for bypassing 403
update-golang is a script to easily fetch and install new Golang releases with minimum system intrusion
Burp Suite extension for testing Passkey systems.
A collection of Turbo Intruder scripts.
This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.
A tool for adding new lines to files, skipping duplicates
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection
A fast, clean, responsive Hugo theme.
A ssh server that knows who you are. $ ssh whoami.filippo.io
a javascript change monitoring tool for bugbounties