mmirnosir's Stars
jivoi/awesome-osint
:scream: A curated list of amazingly awesome OSINT
s0md3v/Arjun
HTTP parameter discovery suite.
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
hahwul/WebHackersWeapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
GerbenJavado/LinkFinder
A python script that finds endpoints in JavaScript files
arkadiyt/bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Bo0oM/fuzz.txt
Potentially dangerous files
jaeles-project/jaeles
The Swiss Army knife for automated Web Application Testing
xnl-h4ck3r/waymore
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
m4ll0k/BBTz
BBT - Bug Bounty Tools (examples💡)
galkan/crowbar
Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
1ndianl33t/Gf-Patterns
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
Karanxa/Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
s0md3v/uro
declutters url lists for crawling/pentesting
andresriancho/enumerate-iam
Enumerate the permissions associated with AWS credential set
chrislockard/api_wordlist
A wordlist of API names for web application assessments
zigoo0/JSONBee
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
KathanP19/Gxss
A tool to check a bunch of URLs that contain reflecting params.
Josue87/gotator
Gotator is a tool to generate DNS wordlists through permutations.
kevin-mizu/domloggerpp
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Escape-Technologies/graphql-wordlist
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
PortSwigger/burp-extensions-montoya-api
Burp Extensions Api
danielmiessler/Source2URL
Parse source code directories and output list of URLs that are then sent through a proxy.
PortSwigger/burp-extensions-montoya-api-examples
Examples for using the Montoya API with Burp Suite
doyensec/CSPTBurpExtension
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
shreyaschavhan/python-for-awae
Python for AWAE (Advanced Web Attacks and Exploitation)
ViktorMares/ultimate_discovery
Ultimate Wordlist for Web Content Discovery
CDThomas/graphql-json-to-sdl
A command line utility for converting a JSON GraphQL schema to GraphQL SDL
floft/dhcp-spoof
simulate DHCP spoofing on a virtual network using Mininet
OmarKhaled511/Bate5a