Gather results of dorks across a number of search engines

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp /…

Trafexia - Mobile Traffic Interceptor

A simple Joern MCP Server.

A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) with support for Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, …

Rust-powered HTTP Request Smuggling Scanner.

A Python-based application that enables dynamic conversations between multiple AI models in a graphical user interface. Originally designed for exploring liminal AI interactions, it's evolved into …

服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件

The RedStack DB extracted as an Obsidian Vault

Swisscom Vulnerability Disclosure Policy & Bug Bounty Programme

Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.

a recon framework that facilitates discovering, scanning and monitoring assets trough a configurable engine running on serverless aws infrastructure.

Goby-Poc-Collection for Goby scanner https://github.com/gobysec/Goby - forked from many github accounts Thanks the authors

Get 10X more out of Claude Code, Codex or any coding agent

Expose your local web server to the internet with a public URL.

DoomScope framework - Automated Web Security/Recon Scanner

A security focused static analysis tool for Android and Java applications.

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

Twitter vulnerable snippets

React Shell & Next.js RSC Exploit Tool (CVE-2025-55182)

A Python script that dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access or APK repackaging

🌐 Make websites accessible for AI agents. Automate tasks online with ease.

CodeQL zero to hero blog post series challenges

all of the workflows of n8n i could find (also from the site itself)

MCP Server for Ghidra

Open-source AI agents for penetration testing

🌐 The Internet Computer! Free, Open-Source, and Self-Hostable.

WSUS Unauthenticated RCE

CVE-2024-21893: SSRF Vulnerability in Ivanti Connect Secure