Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

📱 objection - runtime mobile exploration

basic bbtools , buggy , not recommended to use

A cheat sheet that contains advanced queries for SQL Injection of all types.

Sleepy Puppy XSS Payload Management Framework

Welcome to the XSS Challenge Wiki!

Automating XSS using Bash

💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline

Open-source KVM software

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

Web Application Security Testing Tools

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

🐙 Cross-document messaging security research tool powered by https://enso.security

Fast and customizable vulnerability scanner based on simple YAML based DSL.

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

Wordpress Plugin Information Extractor

Defences against Cobalt Strike

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Create tar/zip archives that can exploit directory traversal vulnerabilities

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.

A python script that finds endpoints in JavaScript files

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intell…

A one liner Bash command which finds CORS in every possible endpoint.