netshell features all in version 2 powershell

A collection of PDF/books about the modern web application security and bug bounty.

Search for sensitive data in Postman public library.

Automatically install some web hacking/bug bounty tools.

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

A python tool to automate KeePass discovery and secret extraction.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

how to look for Leaked Credentials !

Checklist of the most important security countermeasures when designing, testing, and releasing your API

Weaponized web shell

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Security Testing Scripts for JWT

Simple HS256, HS384 & HS512 JWT token brute force cracker.

An extension for checking if .git is exposed in visited websites

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

A repository with 3 tools for pwn'ing websites with .git repositories available

Single-file PHP shell

Creazione d'identità Fake - Impostazione Privacy Profili Social - Creazione Ambiente di Lavoro

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

Obfuscate Python Programs

Collection of methodology and test case for various web vulnerabilities.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️