#
Starred repositories
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…
A curated list of amazingly awesome Burp Extensions
A collection of tools to perform searches on GitHub.
Accurately separates a URL’s subdomain, domain, and public suffix, using the Public Suffix List (PSL).
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …
A tool to perform permutations, mutations and alteration of subdomains in golang.
Content discovery wordlists generated using BigQuery
Automated & Manual Wordlists provided by Assetnote
In-depth attack surface mapping and asset discovery
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Monitor linux processes without root permissions
A tool which scrapes public github repositories for common naming conventions in variables, folders and files
🔥 Web-application firewalls (WAFs) from security standpoint.
Fetch all the URLs that the Wayback Machine knows about for a domain
Automatic SQL injection and database takeover tool
A tool for embedding XXE/XML exploits into different filetypes