A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints …

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

The Repository contains various payloads, tools, tips and tricks from various hackers around the world. Please take a quick look down here 👇👇

A Fast Broken Link Hijacker Tool written in Python

All about bug bounty (bypasses, payloads, and etc)

Simple command shell collections

HTML, CSS and JS projects.

Just simple helper tool for generate github search link

Collections of Orange Tsai's public presentation slides.

GitHub Recon — and what you can achieve with it!

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例：https://gh0st.cn/archives/2019-11-11/1

Single-file PHP shell

Simple Recon is just a simple bash script to automate my recon process.

This web application is a demonstration of common server-side application flaws. Each of the vulnerabilities has its own difficulty rating.

Publicly Open Amazon AWS S3 Bucket Viewer

Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.

List of periodically validated public DNS resolvers

A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

A docker container & Bash script for Bug Bounty reconnaissance. Intended for headless use.

HTTP Request Smuggling Detection Tool

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

A collection of awesome one-liner scripts especially for bug bounty tips.

Scope gathering tool for HackerOne, Bugcrowd, and Intigriti!

search Google and extract results directly. skip all the click-through links and other sketchiness