Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

Top disclosed reports from HackerOne

GitHub Actions Pipeline Enumeration and Attack Tool

PasteBomb C2-less RAT

Central Repository for the Epoch 0 coursework and quizzes. Contains all the content, cross-referenced and linked.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

My portfolio

Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 2, and other large language models.

Mastering Ethereum, by Andreas M. Antonopoulos, Gavin Wood

Audits and findings by MiloTruck

Vulnerable app with examples showing how to not use secrets

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Ubuntu Privilege Escalation bash one-liner using CVE-2023-32629 & CVE-2023-2640

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and easy to add checks for new services.

Redis 4.x & 5.x RCE

Hidden parameters discovery suite

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

i will upload more templates here to share with the comunity.

massive SQL injection vulnerability scanner

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enumeration te…

Automatic SQL injection and database takeover tool

AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,

List all public repositories for (valid) GitHub usernames

Static Analyzer for Solidity and Vyper

POC for CVE-2022-47966 affecting multiple ManageEngine products