Stars
Academic purposes only. Attack against Salesforce lightning with guest privilege.
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
jsleak is a tool to find secret , paths or links in the source code during the recon.
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150 Tests, Add custom tests, Sensitive data exposure
🔥 Web-application firewalls (WAFs) from security standpoint.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A dynamic forming services that can generate forms from spreadsheets
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
essential templates for kenzer [DEPRECATED]
Nuclei Templates Collection
Automated learning of regexes for DNS discovery
Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
Python code to test default credentials for list of rabbitmq login dashboard
Automate your subdomain enumeration, subdomain takeover, management, nuclei, etc. in one go.
This a adaption of tomnomnom's kxss tool with a different output format
👾👾 Genymotion_ARM_Translation Please enjoy!
Top 100 Hacking & Security E-Books (Free Download)