Highly configurable and responsive World of Warcraft Classic pixel Grind Bot - No DLL injection or memory tampering, just screen capture and input simulation.

MagicDrop is a collection of EVM minting protocols that enable the multi stage minting, per stage WL management, per stage supply limit, and crossmint support.

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Some helper tools to validate subdomain takeovers

A python script that finds endpoints in JavaScript files

This repository presents a proof-of-concept of CVE-2023-7028

Twitter vulnerable snippets

Rockyou for web fuzzing

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

A Personal Collection of Infosec Dorks

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Official list of .gov domains

🐛 A list of writeups from the Google VRP Bug Bounty program

The Bug Hunters Methodology

PP-finder Help you find gadget for prototype pollution exploitation

DoS tool for HTTP requests (inspired by hulk but has more functionalities)

Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Useful Google Dorks for WebSecurity and Bug Bounty

List of reporting templates I have used since I started doing BBH.

A collection of various awesome lists for hackers, pentesters and security researchers

Cloud, WEB, API

A Club Penguin private server written in Python 3

Automate Creation of YouTube Shorts using MoviePy.

Starter-kit with a simple tutorial of how to use the pycardano library