richeeta's Stars
xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
m3n0sd0n4ld/GooFuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
gwen001/github-search
A collection of tools to perform searches on GitHub.
Cyber-Guy1/API-SecurityEmpire
API Security Project aims to present unique attack & defense methods in the API Security field
trickest/wordlists
Real-world infosec wordlists, updated regularly
jordanpotti/AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets
B3nac/Android-Reports-and-Resources
A big list of Android HackerOne disclosed reports and other resources.
1N3/BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
doyensec/inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
1N3/Findsploit
Find exploits in local and online databases instantly
wagiro/BurpBounty
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
d3mondev/puredns
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
HolyBugx/HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
p0dalirius/Awesome-RCE-techniques
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
1N3/BruteX
Automatically brute force all services running on a target.
screetsec/Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
hisxo/gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
jaeles-project/jaeles
The Swiss Army knife for automated Web Application Testing
Az0x7/vulnerability-Checklist
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
projectdiscovery/uncover
Quickly discover exposed hosts on the internet using multiple search engines.
antonio-morales/Fuzzing101
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative
devanshbatham/ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
sa7mon/S3Scanner
Scan for misconfigured S3 buckets across S3-compatible APIs!
jaeles-project/gospider
Gospider - Fast web spider written in Go
six2dez/OneListForAll
Rockyou for web fuzzing
dwisiswant0/awesome-oneliner-bugbounty
A collection of awesome one-liner scripts especially for bug bounty tips.
opsdisk/pagodo
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
jonaslejon/malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
codingo/NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
vaib25vicky/awesome-mobile-security
An effort to build a single place for all useful Android and iOS security-related stuff. All references and tools belong to their respective owners. I'm just maintaining it.