Stars
An easy-to-use HTTP client to spoof TLS/JA3, HTTP2 and HTTP3 fingerprint
Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Unify your OAST provider management and consolidate all interactions into a single, streamlined workflow.
Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks
Guidelines and training material to write secure smart contracts
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
The most exhaustive list of reliable DNS resolvers.
Automated privilege escalation of the world's most popular Docker images.
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
XSS payloads designed to turn alert(1) into P1
Turns any junk text into a usable wordlist for brute-forcing.
😎 Awesome lists about all kinds of interesting topics
A curated list of wordlists for bruteforcing and fuzzing
Automated & Manual Wordlists provided by Assetnote
CeWLeR - Custom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.
A repository that includes all the important wordlists used while bug hunting.
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws