Stars
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
(Unofficial) Google Home local API documentation.
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
🐛 A list of writeups from the Google VRP Bug Bounty program
roosterjs is a framework-independent JavaScript rich text editor.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Ready-to-use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
Binary instrumentation framework based on FRIDA
Modern JavaScript Tutorial
TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
Find all libraries on cdn.js that pollute your prototype
CrackQL is a GraphQL password brute-force and fuzzing utility.
Every Security Engineer Interview Question From Glassdoor.com
Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
A Python script to merge multiple jar files for easier debugging via JD-Eclipse
Bypass CDN and WAF restrictions using CDN re-fronting.
🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.
😎 Awesome lists about all kinds of interesting topics
The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF