Stars
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
📱 objection - runtime mobile exploration
Basic bbtools, buggy, not recommended to use
A cheat sheet that contains advanced queries for SQL Injection of all types.
Sleepy Puppy XSS Payload Management Framework
💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline
debauchee / barrier
Forked from deskflow/deskflow
Open-source KVM software
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
🐙 Cross-document messaging security research tool powered by https://enso.security
Fast and customizable vulnerability scanner based on simple YAML based DSL.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to …
WordPress Plugin Information Extractor
Defences against Cobalt Strike
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
Create tar/zip archives that can exploit directory traversal vulnerabilities
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
A Python script that finds endpoints in JavaScript files
Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intell…
A one liner Bash command which finds CORS in every possible endpoint.