SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

A complete computer science study plan to become a software engineer.

A curated awesome list of lists of interview questions. Feel free to contribute! 🎓

Everything you need to prepare for your technical interview

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A list of useful payloads and bypass for Web Application Security

Bookmarks Extension for Visual Studio Code

A utility to detect various technology for a given IP address.

a burp extension which creates dynamic payloads to reveal injection flaws(LFI, RCE, SQLi), generates user access tables to spot authentication/authorization issues, and copy Http requests as JavaSc…

Scanning APK file for URIs, endpoints & secrets.

NucleiFuzzer is a powerful automation tool for detecting xss,sqli,ssrf,open-redirect..etc vulnerabilities in web applications

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

A really fast http prober.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Fast web fuzzer written in Go

WebdriverIO service which helps writing tests for any web application

A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality end…

OWASP API Security Project

Config files for my GitHub profile.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

HTTP parameter discovery suite.

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Google Cloud Labs

crawls the website and finds broken social media links that can be hijacked