Starred repositories
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Repodownloads a tool that help you to install all repo from Org Via Github without any API key like clone-org & ghorg
RCECODE is a code which has code to exploit the RCE via package dependency confusion
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OSINT tool for finding profiles by username
Prototype Pollution and useful Script Gadgets
Go client to communicate with Chaos DB API.
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Sleepy Puppy XSS Payload Management Framework
The Google Cloud Developer's Cheat Sheet
Ultimate Wordlist for Web Content Discovery
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
A curated list of CTF frameworks, libraries, resources and softwares
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
Tool to achieve policy driven vetting of open source dependencies
An application to audit the security of WLAN Access points. The application tries to guess the access point default password via a public know algorithm. This app is NOT MEANT to be used as a hacki…