High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

how to look for Leaked Credentials !

This challenge is Inon Shkedy's 31 days API Security Tips.

Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.

Converts/manipulates/extracts data from a Nmap scan output.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Port of OpenAI's Whisper model in C/C++

Repo for the files used in my mobile application security and penetration testing course.

Arsenal is just a quick inventory and launcher for hacking programs

A wordlist of API names for web application assessments

AndroGoat

The Leading Security Assessment Framework for Android.

Dex to Java decompiler

Intentionally vulnerable Android application.

An Intentionally designed Vulnerable Android Application built in Kotlin.

An Intentionally designed Vulnerable Android Application built in Kotlin.

These are Slides from NahamCon - 14 June 2020

Checklist of the most important security countermeasures when designing, testing, and releasing your API

A OWASP Based Checklist With 500+ Test Cases

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Fast and configurable TLS grabber focused on TLS based data collection.

Proof of Concept demonstrating Remote Code Execution through insecure deserialization in Roundcube (CVE-2025-49113).

Nuclei-AI-Prompts

CVE-2025-29927 Proof of Concept

Analyze and debug space usage through source maps