lemosnlmb's Stars
R0X4R/ssrf-tool
An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
R0X4R/Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
MayankPandey01/Jira-Lens
Fast and customizable vulnerability scanner for JIRA, written in Python
riramar/Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
infoslack/awesome-web-hacking
A list of web application security
paralax/lfi-labs
Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
tauh33dkhan/XSStrike-extension
0xCGonzalo/Golden-Guide-for-Pentesting
Golden Guide
devanshbatham/ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
imran-parray/Mind-Maps
Mind-Maps of Several Things
Tanmay-N/CORS-Scanner
hueristiq/xurlfind3r
A command-line utility designed to help you discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
pikpikcu/XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
MindPatch/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load
m4ll0k/SecretFinder
SecretFinder - A Python script to find sensitive data (apikeys, accesstoken, jwt, ...) and search for anything in JavaScript files
defparam/smuggler
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
ehsaanqazi/Bug-Bounty
Resources and Guides for Web Application Vulnerabilities
ghsec/webHunt
Web App bug hunting
jaeles-project/jaeles
The Swiss Army knife for automated Web Application Testing
codingo/NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
nahamsec/lazyrecon
This script is intended to automate your reconnaissance process in an organized fashion
almandin/fuxploider
File upload vulnerability scanner and exploitation tool.
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
machine1337/recon-automation
This script will install all the essential bug bounty tools and will find some basic vulns. I made this script for my daily hunting. The best feature of this script is that you can just run it in the background and then analyze the target manually.
machine1337/FUD_keylogger
Fully FUD keylogger that can bypass Windows 11 & Windows 10 Defender protection and all kinds of antivirus protections also.
zigoo0/webpwn3r
WebPwn3r - Web Applications Security Scanner.
disclose/diodb
Open-source vulnerability disclosure and bug bounty program database
arthaud/git-dumper
A tool to dump a git repository from a website
kleiton0x00/ppmap
A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
assetnote/kiterunner
Contextual Content Discovery Tool