Stars
A 100% offline, fully portable, zero-trace AI (Ollama + Llama 3 + AnythingLLM) that runs natively from a USB drive on Windows and Mac.
A complete, beginner-friendly bug bounty roadmap that takes you from zero experience to earning your first bounty.
Collection of scripts and tools used during bug bounty work. This will be the location of my automation scripts created for my own personal use, and occassionally public released
Notes taken from Android App Hacking - Black Belt Edition (UDEMY - Roman Stuehler)
DigitalPlat FreeDomain: Free Domain For Everyone
Not so awesome Web3 Security Reasearcher roadmap by tpiliposian
Oversecured Vulnerable iOS App
A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.
Certainly is a offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scenarios.
🔪 this repo contains required files for web application pentests
A modern tool written in Python that automates your xss findings.
Bug Bounty Learning Resources i mentioned on My Blog at http://whoami.securitybreached.org/
Scans for indications of an XSS, Oracle SQLi and filters out words containing MySQL.
A demo PHP application used to exercise SQL injection techniques in a safe, local Docker environment
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Scrape domain names from SSL certificates of arbitrary hosts
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
PoC for leaking text nodes via CSS injection
🕵️♂️ All-in-one OSINT tool for analysing any website
APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.