This repo contains useful scripts that AI created for me which I would have been too lazy for

A wordlist of API names for web application assessments

GQLSpection - parses GraphQL introspection schema and generates possible queries

Generate queries from graphql schema, used for writing api test.

A streamlined tool for discovering private TLDs for security research.

Nuclei templates written by geeknik. Claude is my co-pilot. 🤖

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

Take a list of domains and probe for working HTTP and HTTPS servers

Recon MindMap (RMM)

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

Mass Hunting & Exploitation PoC for CVE-2025-55182 & CVE-2025-66478

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

List of XSS Vectors/Payloads

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to …

Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

Making Favicon.ico based Recon Great again !

A build tool for GraphQL projects.

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

Daily target monitoring system

compute favicon hashes of your target, generates shodan dork too.

Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, ...).

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Firepwn is a tool made for testing the Security Rules of a firebase application.

📜 Yet another collection of wordlists

A Python script that queries a list of IPs and returns useful or interesting information (for externals/webapps)