Focus on what matters instead of fighting with Git.

Attack surface detector that identifies endpoints by static analysis

List of Github repositories and articles with list of dorks for different search engines

The Havoc Framework

LLM tool to find any potential vulnerabilities and deobfuscate android app code.

A small collection of vulnerable code snippets

HackerOne Hacktivity -> Discord Webhook with Embeds

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

JADX-gui scripting plugin for dynamic decompiler manipulation

iOS Decompiler

A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

A set of simple servers (currently HTTP/HTTPS and DNS) which allow configurable and scriptable responses to network requests.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Damn Vulnerable Rails app

A vulnerable version of Rails that follows the OWASP Top 10

An updated collection of resources targeting browser-exploitation.

awesome list of browser exploitation tutorials

A Burp Suite extension for CSRF proof of concepts.

A tool to guess the rest of the shortnames provided by vulnerable IIS instances.

Academic purposes only. Attack against Salesforce lightning with guest privilege.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Droz_scan is a automated script, that runs all the queries of drozer in a single run

List of Trusted Types bypasses

A curated list of awesome Android Reverse Engineering training, resources, and tools.

📝 Web security related academic papers collection (just for myself).

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Burp Payloads

XSS payloads for bypassing WAF. This repository is updating continuously.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.