Stars
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Extract URLs, paths, secrets, and other interesting bits from JavaScript
GQLSpection - parses GraphQL introspection schema and generates possible queries
Prototype Pollution and useful Script Gadgets
SecretFinder - A Python script to find sensitive data (apikeys, accesstoken, jwt, ..) and search anything in JavaScript files
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Finds graphql queries in javascript files
PwnFox is a Firefox/Burp extension that provides useful tools for your security audit.
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Collaborative cheatsheets for console commands
Access large language models from the command-line
Here's how you can exit nano if you find yourself stuck in this terrible application.
Tool to parse subdomains from dmarc.live
Semi-automatic OSINT framework and package manager
Easily gather all routes related to a NextJs application through parsing of _buildManifest.js
"Can I take over XYZ?" - a list of services and how to claim (sub)domains with dangling DNS records.
tharaka190 / JSA
Forked from w9w/JSA
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
Scrape domain names from SSL certificates of arbitrary hosts