wwwarrior's Stars
JaidedAI/EasyOCR
Ready-to-use OCR with 80+ supported languages and all popular writing scripts including Latin, Chinese, Arabic, Devanagari, Cyrillic and etc.
djsime1/awesome-flipperzero
🐬 A collection of awesome resources for the Flipper Zero device.
elceef/dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
BishopFox/jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScript
xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
sleeyax/burp-awesome-tls
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
devploit/nomore403
Tool to bypass 403/40X response codes.
nikitastupin/clairvoyance
Obtain GraphQL API schema even if the introspection is disabled
laluka/bypass-url-parser
bypass-url-parser
sw33tLie/bbscope
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
indianajson/can-i-take-over-dns
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
FoxIO-LLC/ja4
JA4+ is a suite of network fingerprinting standards
assetnote/nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
p0dalirius/ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
sAjibuu/Upload_Bypass
A simple tool for bypassing file upload restrictions.
jthack/PIPE
Prompt Injection Primer for Engineers
0ang3el/websocket-smuggle
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
intrudir/BypassFuzzer
Fuzz 401/403/404 pages for bypasses
pdelteil/BugBountyReportTemplates
List of reporting templates I have used since I started doing BBH.
microservices-security-in-action/samples
Microservices Security in Action Book Samples
iann0036/iam-dataset
A consolidated cloud IAM dataset
doyensec/wsrepl
WebSocket REPL for pentesters
FonduAI/awesome-prompt-injection
Learn about a type of vulnerability that specifically targets machine learning models
nxenon/h2spacex
HTTP/2 Single Packet Attack low Level Library / Tool based on Scapy + Exploit Timing Attacks
BojackThePillager/Slackhound
Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects.
Jet-Security-Team/DevSecOps-Assessment-Framework
DevSecOps Assessment Framework
dinosn/synackDUO
Python Duo Push API
braindead-sec/ssh-grabber
vankyver/directus-aspm-poc
PoC of using Directus as ASPM