Stars
Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulation techniques. It also includes fuzzing for HTTP methods an…
DorkScraper is a simple tool written in Python to extract all the URLs that appear when using a Google Dork.
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.
List of regex patterns for OAuth / API tokens with provided source
Dump files via Directory Traversal, LFI, Arbitrary File Read in a breeze with the help of ffuf
🕵️‍♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.
Bugcrowd’s baseline priority ratings for common security vulnerabilities
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
PortSwigger / autorize
Forked from Quitten/Autorize
Automatic authorization enforcement detection extension for Burp Suite written in Jython, developed by Barak Tawily in order to ease application security people's work and allow them to perform an automa…
Automated Tool for Testing Header Based Blind SQL Injection
Cheatsheet to exploit and learn SQL Injection.
Bug Bounty Testing Essential Guideline: Startup Bug Hunters
This is a SMS And Call Bomber For Linux And Termux
🎯 Fast CORS misconfiguration vulnerabilities scanner
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
This repository contains a lot of web and API vulnerability checklists, a lot of vulnerability ideas and tips from Twitter
smartrecon is a powerful shell script to automate recon and find common vulnerabilities for bug hunters
This tool is a simple LFI, RFI, RCE, and Joomla Components vulnerability scanner, created by JayCyberSecurity
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
User-Agent, X-Forwarded-For and Referer SQLI Fuzzer
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
A collection of one-liners for bug bounty hunting.
HTTP Request Smuggling Detection Tool