
Starred repositories
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Top disclosed reports from HackerOne
Fast passive subdomain enumeration tool.
The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Scan for misconfigured S3 buckets across S3-compatible APIs!
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
SecretFinder - A Python script to find sensitive data (API keys, access tokens, JWTs, ...) and search for anything in JavaScript files
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…
A curated list of web3Security materials and resources for pentesters and bug hunters.
PowerSploit - A PowerShell Post-Exploitation Framework
Take a list of domains and probe for working HTTP and HTTPS servers
Find domains and subdomains related to a given domain
A list of interesting payloads, tips and tricks for bug bounty hunters.
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
In-depth attack surface mapping and asset discovery
Find, verify, and analyze leaked credentials
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security teste…
⚙️ An efficient tool to do in-depth comparison of two Android apps.
Django application that performs SAST and Malware Analysis for Android APKs