A list of useful payloads and bypass for Web Application Security and Pentest/CTF

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Find subdomains with GPT, for free

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

Find related domains of a given domain.

Mass querying whois records