Stars
FULL v0, Cursor, Manus, Same.dev, Lovable, Devin, Replit Agent, Windsurf Agent, VSCode Agent, Dia Browser & Trae AI (And other Open Sourced) System Prompts, Tools & AI Models.
Reproduce DeFi hacked incidents using Foundry.
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Differential testing framework for HTTP implementations
๐ OpenHands: Code Less, Make More
Find, verify, and analyze leaked credentials
Burp Plugin to Bypass WAFs through the insertion of Junk Data
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Rust-based high performance domain permutation generator. 99B1
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
๐ฏ Cross Site Scripting ( XSS ) Vulnerability Payload List
Generates permutations, alterations and mutations of subdomains and then resolves them
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Tool to check for dependency confusion vulnerabilities in multiple package management systems
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
This repository contains all the supplement material for the book "The art of sub-domain enumeration"
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.