onedrive user enumeration - pentest tool to enumerate valid o365 users
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skil…
Wordlists for web fuzzing: curated micro, categorized short/long, and combined final lists.
Open-source vulnerability assessment framework. Full-featured scanner with a web interface, regularly updated Network Vulnerability Tests (N…
Optik is a set of symbolic execution tools that assist smart-contract fuzzers
Workflow engine for offensive security reconnaissance. Orchestrates multiple tools (amass, subfinder, nuclei, etc.) in automated pipelines f…
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
OWASP's Zed Attack Proxy — one of the world's most popular free web application security scanners. Features active/passive scanning, spideri…
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (de…
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A toolset for reverse engineering and fuzzing Protobuf-based apps
This is more of a checklist for myself. May contain useful tips and tricks.
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration te…
The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.
NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto…
Pentesting Framework is a bundle of penetration testing tools, Includes - security, pentesting, hacking and many more.
A bash script for recon and DOS attacks
AI-powered security assessment SKILLS for your codebase. Multi-language (JS, Go, Python, Rust, Java, PHP, Ruby, C#). Works with Claude Code,…
To be used with tools like GoBuster & DirBuster but these lists are specifically tailored and designed for scanning phishing < landing pages…
AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.
Modular & Open-Source Coverage-Guided Web Application Fuzzer for PHP
Your personal 'Mini Shodan'. A high-performance network reconnaissance engine designed for massive scale asset discovery. Specializes in ide…