Web Application Tools

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App

The First Open Source Bug Bounty Platform

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Tools to download and reconstruct exposed .git repositories from web servers. Includes Gitdumper (download), Extractor (extract commits), an…

This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and H…

A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of revers…

Directory/file and DNS busting tool written in Go. Extremely fast. Modes include directory brute-force, DNS subdomain enumeration, virtual h…

AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs

🔍 Chrome扩展，为安全研究和渗透测试提供Google/百度/Bing高级搜索语法快捷执行。一键Dorking、批量提取URL、智能过滤黑名单，大幅提升信息收集效率。 🔍 Chrome extension for security research and penetrat…

Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Go Web Application Penetration Test

InQL is a Burp Suite and standalone GraphQL security scanner. Analyzes introspection queries, generates operations, detects batch query atta…

🛡️ The missing GraphQL security security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️

Security Auditor Utility for GraphQL APIs

🔍A cutting edge context aware GraphQL API fuzzing tool!

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is…

MCP server that connects AI assistants to HackerOne for bug bounty hunting

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Source code for Hacker101.com - a free online web and mobile security class.

Complete collection of bug bounty reports from Hackerone.

Top disclosed reports from HackerOne

Collection of Combination of 👨🏻‍💻Ethical Hacking, 🐧Linux, Cyber security, 💰Bug Bounty, Penetration testing, Networking and more IT Related B…

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and …