Starred repositories
Hide your scraper's IP behind the cloud. Provision proxy servers across different cloud providers to improve your scraping success.
A cheatsheet for exploiting server-side SVG processors.
SSRF (Server Side Request Forgery) testing resources
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
Tool to help exploit XXE vulnerabilities
Automatic SQL injection and database takeover tool
Automated All-in-One OS Command Injection Exploitation Tool.
A list of public penetration test reports published by several consulting firms and academic security groups.
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Python script that runs Masscan against an IP to collect open ports, feed those ports to Nmap, which finds service versions and runs default scripts. Built with CTFs in mind.
This tool generates a gopher link for exploiting SSRF and gaining RCE in various servers
JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate re…
Protect and discover secrets using Gitleaks 🔑
Never ever ever use pixelation as a redaction technique
Enumerate the permissions associated with an AWS credential set
PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
Scanners for Jar files that may be vulnerable to CVE-2021-44228
An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types
Log4j jndi injects the Payload generator
A community sourced list of log4j-affected software
Operational information regarding the log4shell vulnerabilities in the Log4j logging library.