Starred repositories
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Nice list of Google dorks for SQL injection
🌌 Fuzz4All: Universal Fuzzing with Large Language Models
Some files for bruteforcing certain things.
EndExt is a .go tool for extracting all the possible endpoints from the JS files
GF Patterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Scanning APK file for URIs, endpoints & secrets.
Quickly discover exposed hosts on the internet using multiple search engines.
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
This repository contains a lot of web and API vulnerability checklists, a lot of vulnerability ideas and tips from Twitter
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
The Mobile App Pentest cheat sheet was created to provide a concise collection of high value information on specific mobile application penetration testing topics.
PortSwigger / openapi-parser
Forked from aress31/openapi-parser
Parse OpenAPI specifications, previously known as Swagger specifications, into the BurpSuite for automating RESTful API testing – approved by Burp for inclusion in their official BApp Store.
📲 ChatGPT Android demonstrates a Chatbot application using OpenAI's chat API on Android with Stream Chat SDK for Compose.
iOS platform security & anti-tampering Swift library
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…
Set of useful android network tools
Find, verify, and analyze leaked credentials