CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

A Comprehensive Web Fuzzer and Content Discovery Tool

Extracting api keys and secrets by requesting each url at the your list.

List of Awesome Asset Discovery Resources

RCE 0-day for GhostScript 9.50 - Payload generator

CloudFlare Checker written in Go

Urls status code & content length checker

Default Linux files/images location

This tool aims at accumulating javascript files from a given set of subdomains to discover hidden endpoints. It swims through JS files to find more JS files. It also creates a target-specific wordl…

🔢 Bits, bytes and address calculator

A Workflow Engine for Offensive Security

Scan for vulnerabilities in JavaScript libraries you use (Python port of retirejs)

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Collection of Scripts for shodan searching stuff.

CVE-2017-9506 - SSRF

Generate Email, Register for anything, Get the OTP/Link

This project has been moved, check the README.md file!

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Check whether the domain has a rate limit enabled.

Content released at NorthSec 2018 for my talk on prototype pollution

A web application hacker's toolbox. Base64 encoding/decoding, URL encoding/decoding, MD5/SHA1/SHA256/HMAC hashing, code deobfuscation, formatting, highlighting and much more.

The cheat sheet about Java Deserialization vulnerabilities

The cheat sheet about Java Deserialization vulnerabilities

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

SSRF (Server Side Request Forgery) testing resources