Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Xray panel supporting multi-protocol multi-user expire day & traffic & IP limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard)

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

A curated list of CTF frameworks, libraries, resources and softwares

WebGoat is a deliberately insecure application

Awesome XSS stuff

Pentest Report Generator

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

Unlock: Paraphrase unlimited words, 7 Writing mode , 4 Synonyms options, 6000 Summarizer word limit, 15 Sentences processed at once, Unlimited Freeze Words and phrases (101k active users' choices)

A full stack web application that combines many tools and services for security analysts into a single tool.

a Damn Vulnerable Serverless Application

a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

GCPGoat : A Damn Vulnerable GCP Infrastructure

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.

Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.

Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.

Clientside vulnerability / reflected xss fuzzer

PhotOSINT is an OSINT chrome extension for images and photos. It scans each webpage for images with EXIF data, while the user is browsing, and gives context options for reverse image search in diff…

Chrome extension tool for OSINT & Recon

This Chromium extensions aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Authoriz…

There were no proper POCs for CVE-2023-30533 so I made one. (Reported by Vsevolod Kokorin)