This is the open sourced code for the extension, EndPointer

NetScan CLI is a command-line tool for retrieving and analyzing IP address information. It provides detailed subnet and organization data for given IP addresses using various online services.

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

A Burp extension helps identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhan…

Remote CLI tools at your fingertips

Unsecure time-based secret exploitation and Sandwich attack implementation Resources

Scrape LV House Seats and notify on new shows with Gmail

This challenge is Inon Shkedy's 31 days API Security Tips.

A full stack web application that combines many tools and services for security analysts into a single tool.

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE

MOVEit CVE-2023-34362

Zinc Search engine. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.

Burp Suite Certified Practitioner Exam Study

Simple script for full recon

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

A curated list of various bug bounty tools

A collection of awesome one-liner scripts especially for bug bounty tips.

Compiles a list of major CDN and WAF subnets.

This is a comprehensive subdomain enumeration Guide

Unleash the power of cloud

A list of public penetration test reports published by several consulting firms and academic security groups.

Checklist of the most important security countermeasures when designing, testing, and releasing your API

Information Dump Monitor

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

Find fetch & validate free proxies fast.