Stars
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Take over AWS IPs and have a working PoC for subdomain takeover.
"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Making Favicon.ico based Recon Great again!
Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Go client to communicate with Chaos DB API.
Fast and customizable vulnerability scanner based on simple YAML based DSL.
A collection of custom security tools for quick needs.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
This information provides helpful information to make it easier to discover new attack surface on HackerOne.com.
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups categorized by the nature of the bug
Fetch all the URLs that the Wayback Machine knows about for a domain
Pastebin-scraper tool leverages the API of https://psbdmp.ws/ to find emails/domains dumped in pastebin.