Rust-powered HTTP Request Smuggling Scanner.

awesome game security [Welcome to PR]

The recursive internet scanner for hackers. 🧡

Scan for secrets in dangling commits on GitHub using GH Archive data.

CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

A collection of awesome one-liner scripts especially for bug bounty tips.

Open-source security research tool for identifying origin IP exposure of websites protected by Cloudflare and similar reverse proxy services.

A super UX friendly CLI to make daily connections through H.Boundary easy to do

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

Web Content Discovery Tool

A sorted and updated list of security wargame sites.

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

iOS/macOS Research Swiss Army Knife

Go security checker

Extract files from any kind of container formats

Public repository for Cantordust Ghidra plugin.

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Prototype Pollution and useful Script Gadgets

Tips on how to write exploit scripts (faster!)

A rapid HTTP downgrade smuggling scanner written in Go.

Reverse Engineer's Toolkit

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Ctf solutions from p4 team

An step by step fuzzing tutorial. A GitHub Security Lab initiative