Stars
A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfaces, and stay ahead of security vulnerabilities.
This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.
A webkit-based kernel exploit and jailbreak for PS5
Convert API descriptions between popular formats such as OpenAPI (fka Swagger), RAML, API Blueprint, WADL, etc.
PPPwnUI is a program that adds a UI to the exploit PPPwn created by TheFlow.
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
Given a list of domains and known IP and buckets that are owned, which might be susceptible to domain hijacking?
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
A script to enumerate virtual hosts on a server.
The Burp extension to check JWT (JSON Web Tokens) for the use of keys known from public sources
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
A path-normalization pentesting tool.
The backend of HTTP Toolkit
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
PoC for SQL Injection in CVE-2024-27956