Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Fetch the details of assets hosted on AWS.

Takeover AWS ips and have a working POC for Subdomain Takeover.

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Reverse proxies cheatsheet

Making Favicon.ico based Recon Great again !

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Go client to communicate with Chaos DB API.

List HackerOne private program assets

Fast and customizable vulnerability scanner based on simple YAML based DSL.

A collection of custom security tools for quick needs.

OneForAll是一款功能强大的子域收集工具

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"

A wrapper around grep, to help you grep for things

This information provides helpful information to make it easier to discover new attack surface on HackerOne.com.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

An Extended, Modulair, Host Discovery Framework

Fetch all the URLs that the Wayback Machine knows about for a domain

Pastebin-scraper tool leverages the API of https://psbdmp.ws/ to find emails/domains dumped in pastebin.