Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

S3 Recon tips and tricks collected from different resources,Sorry if i missed to mention all resources owners

Vhost Hopping Or Abuse Proxy Pass

Impacket is a collection of Python classes for working with network protocols.

Free, libre, effective, and data-driven wordlists for all!

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Web path scanner

a recon tool that allows searching on URLs that are exposed via shortener services

Android Reverse-Engineering Workbench for VS Code

Front End interview preparation materials for busy engineers (updated for 2025)

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

Find, verify, and analyze leaked credentials

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Dex to Java decompiler

A big list of Android Hackerone disclosed reports and other resources.

Never again run out of gradients! 🌈 (discontinued)

Hidden parameters discovery suite

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Vulnerability Cheatsheet

tool to bypass 403/401 pages ( helpful for bug hunting)

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Materials related to security: docs, checklists, processes, etc...

Linux privilege escalation auditing tool

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool