Hide your scrapers IP behind the cloud. Provision proxy servers across different cloud providers to improve your scraping success.

A cheatsheet for exploiting server-side SVG processors.

SSRF (Server Side Request Forgery) testing resources

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

Tool to help exploit XXE vulnerabilities

Automatic SQL injection and database takeover tool

Automated All-in-One OS Command Injection Exploitation Tool.

List of XSS Vectors/Payloads

A list of public penetration test reports published by several consulting firms and academic security groups.

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

Python script that runs Masscan against an IP to collect open ports, feed those ports to Nmap, which finds service versions and runs default scripts. Built with CTFs in mind.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate re…

Dangerously fast DNS/network/port scanner

Common Web Managers Fuzz Wordlists

Rockyou for web fuzzing

Protect and discover secrets using Gitleaks 🔑

Never ever ever use pixelation as a redaction technique

Enumerate the permissions associated with AWS credential set

PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

Fast directory scanning and scraping tool

Scanners for Jar files that may be vulnerable to CVE-2021-44228

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types

Log4j jndi injects the Payload generator

A community sourced list of log4j-affected software

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.