Stars
This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
An XSS exploitation command-line interface and payload generator.
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
A python implementation of doyensec/Session-Hijacking-Visual-Exploitation
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…
A library for detecting known secrets across many web frameworks
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
Find, verify, and analyze leaked credentials
A collection of impressive and useful results from OpenAI's chatgpt
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
DisplayLink driver installer for Debian and Ubuntu based Linux distributions.
GraphQL automated security testing toolkit
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target