S0L1tud3's Stars
knassar702/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load 🛰️ 🦀
Damian89/extended-ssrf-search
Smart ssrf scanner using different methods like parameter brute forcing in post and get...
1ndianl33t/Gf-Patterns
GF Patterns for (ssrf, RCE, Lfi, sqli, ssti, idor, url redirection, debug_logic, interesting Subs) parameters grep
fish-shell/fish-shell
The user-friendly command line shell.
nahamsec/nahamsec.training
The labs for my Udemy course (https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec)
tomnomnom/gron
Make JSON greppable!
tomnomnom/qsreplace
Accept URLs on stdin, replace all query string values with a user-supplied value
Proviesec/google-dorks
Useful Google Dorks for WebSecurity and Bug Bounty
0dayCTF/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
allyomalley/LiveTargetsFinder
Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts and gather service information
gwen001/github-endpoints
Find endpoints on GitHub.
s4n7h0/xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
prometheus/prometheus
The Prometheus monitoring system and time series database.
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
screetsec/Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
gwen001/pentest-tools
A collection of custom security tools for quick needs.
robertdavidgraham/masscan
TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
BlackFan/client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
projectdiscovery/interactsh
An OOB interaction gathering server and client library
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
obheda12/GitDorker
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
crytic/echidna
Ethereum smart contract fuzzer
pytube/pytube
A lightweight, dependency-free Python library (and command-line utility) for downloading YouTube Videos.
payloadbox/command-injection-payload-list
🎯 Command Injection Payload List
fullhunt/log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
s0md3v/Arjun
HTTP parameter discovery suite.
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
deibit/cansina
Web Content Discovery Tool
hahwul/dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
tomnomnom/hacks
A collection of hacks and one-off scripts