A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Contextual Content Discovery Tool

Repodownloads a tool that help you to install all repo from Org Via Github without any API key like clone-org & ghorg

RCECODE is a code which has code to exploit the RCE via package dependency confusion

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

how to look for Leaked Credentials !

OSINT tool for finding profiles by username

Javascript-based keylogger

Prototype Pollution and useful Script Gadgets

Go client to communicate with Chaos DB API.

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.

Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

An IIS short filename enumeration tool

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Sleepy Puppy XSS Payload Management Framework

The Google Cloud Developer's Cheat Sheet

Ultimate Wordlist for Web Content Discovery

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

static analysis of C/C++ code

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

A curated list of CTF frameworks, libraries, resources and softwares

Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.

Tool to achieve policy driven vetting of open source dependencies

An application to audit the security of WLAN Access points. The application tries to guess the access point default password via a public know algorithm. This app is NOT MEANT to be used as a hacki…