Stoinskii's Stars
yeswehack/pp-finder
PP-finder Help you find gadget for prototype pollution exploitation
kevin-mizu/domloggerpp
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
GiJ03/API_KeyHacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
irsdl/IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
s0md3v/Corsy
CORS Misconfiguration Scanner
mhmdiaa/waybackrobots
Enumerate old versions of robots.txt paths using Wayback Machine for content discovery
PortSwigger/auth-analyzer
nikitastupin/clairvoyance
Obtain GraphQL API schema even if the introspection is disabled
payloadbox/sql-injection-payload-list
🎯 SQL Injection Payload List
KingOfBugbounty/KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
forcesunseen/graphquail
Burp Suite extension that offers a toolkit for testing GraphQL endpoints.
doyensec/GQLSpection
GQLSpection - parses GraphQL introspection schema and generates possible queries
BishopFox/jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScript
GerbenJavado/LinkFinder
A python script that finds endpoints in JavaScript files
m4ll0k/SecretFinder
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
six2dez/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Viralmaniar/BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
tomnomnom/qsreplace
Accept URLs on stdin, replace all query string values with a user-supplied value
americo/sqlifinder
SQL Injection Vulnerability Scanner made with Python
s0md3v/uro
declutters url lists for crawling/pentesting
phor3nsic/favicon_hash_shodan
Calculate favicon hash for SHODAN
KathanP19/HowToHunt
Collection of methodology and test case for various web vulnerabilities.
0xmaximus/Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
musana/fuzzuli
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
redhuntlabs/BucketLoot
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
blacklanternsecurity/bbot
A recursive internet scanner for hackers.
Tib3rius/AutoRecon
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
jhaddix/sus_params
projectdiscovery/asnmap
Go CLI and Library for quickly mapping organization network ranges using ASN information.