Xplo8E's Stars
ssl/ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Ebryx/GitDump
A pentesting tool that dumps the source code from .git even when the directory traversal is disabled
reider-roque/pdfunlock
Small java command line utility to unlock pdf files (remove any copy/edit/print protections)
jhaddix/tbhm
The Bug Hunters Methodology
cspshivam/easydork
EasyDork is a tool written in bash. it gives google dorks to find vulnerabilities like directory listing, log file leakage, sql error and many more. It can be very useful in Bug Bounty Hunting & Web App Pentesting.
cspshivam/sweetuu
Sweetuu is a Advance Shell which can be used to achieve RCE easily through LFI & RFI. For easy wins in bug bounty, upload sweetuu instead of any other php code.
vlakhani28/Cyber-Security-Resources
AlephNullSK/dnsgen
Generates combination of domain names from the provided input.
KingOfBugbounty/web-scraping
Anotações e scripts de web scraping, screen scraping, etc
tomnomnom/hacks
A collection of hacks and one-off scripts
KingOfBugbounty/hacks
A collection of hacks and one-off scripts
KingOfBugbounty/KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
projectdiscovery/shuffledns
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
infosec-au/altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
assetnote/commonspeak2-wordlists
Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.
assetnote/commonspeak2
Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
m6a-UdS/dvca
Damn Vulnerable Cloud Application
chenjj/espoofer
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
dwisiswant0/apkleaks
Scanning APK file for URIs, endpoints & secrets.
0xInfection/Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
EnableSecurity/wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
vincd/wappylyzer
Implementation of Wappalyzer in Python
Viralmaniar/BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
payloadbox/xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
calebstewart/pwncat
Fancy reverse and bind shell handler
anuraghazra/github-readme-stats
:zap: Dynamically generated stats for your github readmes
tomnomnom/httprobe
Take a list of domains and probe for working HTTP and HTTPS servers
0xZ0F/Z0FCourse_ReverseEngineering
Reverse engineering focusing on x64 Windows.
ManasHarsh/Cobra
All in one tool to make your hacking easier.
guidepointsecurity/RedCommander
Red Team C2 Infrastructure built in AWS using Ansible!