ThoundsN

AllinOne

lazyrecon

This script is intended to automate your reconnaissance process in an organized fashion

byp4xx

Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips

Wordlist

403fuzzer

Alchemist

Alchemist turns a burp exported log file into a custom wordlist specifically for your target, you can then use this wordlist to bruteforce the target.

Algorithm-PrincetionCourse

auth_analyzer

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

Autorize

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

autosdb-wa4e

Simple CURD php web toy project for a course.

cascade

Best open-source SaaS boilerplate. Free, powerful & extendable.

cs50web

gf

A wrapper around grep, to help you grep for things

http-request-smuggler

LaravelE-commerce

ListJs

log4j-payload-generator

Log4j jndi injects the Payload generator

Log4j2Scan

Nemesis

nextjs-dashboard

open-bilibili

openbilibili

哔哩哔哩后台源码

ovaa_poc

pentest-tools

Custom pentesting tools

proxy-provider-converter

一个可以将 Clash 订阅转换成 Proxy Provider 和 External Group(Surge) 的工具

qsfuzz

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Scripts

SIBPanel

theftfuzzer

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.

unwebpack-sourcemap

Extract uncompiled, uncompressed SPA code from Webpack source maps.