sandrogarcia's Stars
Genymobile/scrcpy
Display and control your Android device
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
The-Art-of-Hacking/h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
1N3/Sn1per
Attack Surface Management Platform
projectdiscovery/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
payloadbox/xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
urbanadventurer/WhatWeb
Next generation web scanner
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
EdOverflow/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
hakluke/hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
eth0izzle/shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
tomnomnom/waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
sa7mon/S3Scanner
Scan for misconfigured S3 buckets across S3-compatible APIs!
obheda12/GitDorker
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
projectdiscovery/dnsx
dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
jaeles-project/jaeles
The Swiss Army knife for automated Web Application Testing
BankSecurity/Red_Team
Some scripts useful for red team activities
randorisec/MobileHackingCheatSheet
Basics on commands/tools/info on how to assess the security of mobile applications
projectdiscovery/shuffledns
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
gwen001/github-search
A collection of tools to perform searches on GitHub.
ZupIT/horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
ozguralp/gmapsapiscanner
tomnomnom/qsreplace
Accept URLs on stdin, replace all query string values with a user-supplied value
evilpenguin/SSLBypass
iOS SSL Pinning Bypass (iOS 8 - 14)
odomojuli/regextokens
list of regex patterns for oauth / api tokens with provided source
iGio90/frida-onload
Frida module to hook module initializations on android
tehryanx/sourcemapper
Reconstruct javascript from a sourcemap in bash