wewe
A repository with 3 tools for pwn'ing websites with .git repositories available
Simple HS256, HS384 & HS512 JWT token brute force cracker.
Deriving RSA public keys from message-signature pairs
Community curated list of templates for the nuclei engine to find security vulnerabilities.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A list of cyber-chef recipes and curated links
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing.
👨🏼💻 A customizable man-in-the-middle TCP intercepting proxy.
An extensible application for penetration testers and software developers to decode/encode data into various formats.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
First iteration of ML based Feedback WAF
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
XSS payloads designed to turn alert(1) into P1
Experience the power of a PHP webshell designed to overcome the limitations of blacklisted system/exec functions.
A simple script just made for self use for bypassing 403
SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle
All about bug bounty (bypasses, payloads, and etc)
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting infor…
Converts text to and from UTF-7 (RFC 2152 and IMAP).
SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as Elastic.
Ultimate Burp Suite Exam and PortSwigger Labs Guide.
BChecks collection for Burp Suite Professional and Burp Suite DAST
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
CVE-2023-22515: Confluence Broken Access Control Exploit
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure