(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

A socket daemon to multiplex connections from and to iOS devices

Alpine & Debian-based distro that lets you install palera1n.

Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

HTTP parameter discovery suite.

Background Remover lets you Remove Background from images and video using AI with a simple command line interface that is free and open source.

Rembg is a tool to remove images background

Converts jpg images to ASCII

The modern Java bytecode editor

Powerful android apk editor - aapt/aapt2 independent

HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac 🎉 Open an issue here to give feedback or ask for help.

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.

Bringing Astrid Tasks back from the dead

Simulate GPS location system-wide

Simulate locations on iOS devices on Windows, Mac and Ubuntu.

Quick fix your Xcode with the missing developer disk images. iOS, tvOS, watchOS files available.

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing s…

Flutter Reverse Engineering Framework

A Frida script that disables Flutter's TLS verification

Script to root AVDs running with QEMU Emulator from Android Studio

Helps to perform automated authorization tests for CI/CD piplines

403/401 Bypass Methods + Bash Automation + Your Support ;)

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

Potentially dangerous files

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…