Stars
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Autogenerate static GraphQL API documentation
XSScope is one of the most powerful and advanced GUI frameworks for modern browser exploitation via XSS.
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
Automated All-in-One OS Command Injection Exploitation Tool.
A collection of one-liners for bug bounty hunting.
A collection of awesome one-liner scripts especially for bug bounty tips.
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
Deserialization payload generator for a variety of .NET formatters
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
Accept URLs on stdin, replace all query string values with a user-supplied value
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
Collection of grep patterns for Tomnomnom tools, namely gf
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
GF Patterns for (ssrf, RCE, Lfi, sqli, ssti, idor, url redirection, debug_logic, interesting Subs) parameters grep
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
A collection of tools to perform searches on GitHub.
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
List of Google Dorks for sites that have responsible disclosure program / bug bounty program