Stars
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
A collection of Server-Side Prototype Pollution gadgets and exploits
Prototype Pollution and useful Script Gadgets
An XSS exploitation command-line interface and payload generator.
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Burpsuite Extension to bypass 403 restricted directory
All about bug bounty (bypasses, payloads, and etc)
jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
A collection of Turbo Intruder scripts.
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Obtain GraphQL API schema even if the introspection is disabled
Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security
holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A next-generation crawling and spidering framework.
jsleak is a tool to find secret , paths or links in the source code during the recon.
Simple PowerShell HTTP Server (no dependencies, single file, PowerShell 5.1/7)
403/401 Bypass Methods + Bash Automation + Your Support ;)