Stars
wappalyzer alternative based on wappalyzer browser extension
santaonbeach / nomore403
Forked from devploit/nomore403Tool to bypass 403/40X response codes.
PP-finder Help you find gadget for prototype pollution exploitation
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.
gRPC-Web Pentesting Suite + Burp Suite Extension / Hack gRPC-Web Applications
Binary instrumentation framework based on FRIDA
JScripter is a Python script designed to scrape and save unique JavaScript files from a list of URLs or a single URL.
Prototype Pollution and useful Script Gadgets
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Keeps your preferred Bit Torrent client blocklist up to date to support your privacy and security
Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Extract URLs, paths, secrets, and other interesting bits from JavaScript
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.
Open source education content for the researcher community
Asset inventory of over 800 public bug bounty programs.
Generates permutations, alterations and mutations of subdomains and then resolves them
Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
Check your WAF before an attacker does