Arfat Khan's starred repositories

vuln-web-apps

A curated list of vulnerable web applications.

Stargazers: 247 | Issues: 0

CTF-Difficulty

This cheatsheet is aimed at CTF players and beginners, to help them sort CTF challenges on the basis of difficulty.

Stargazers: 744 | Issues: 0

Upload_Bypass

A simple tool for bypassing file upload restrictions.

Language: Python | License: GPL-3.0 | Stargazers: 703 | Issues: 0
Language: PHP | Stargazers: 133 | Issues: 0

Android-Pentesting-Checklist

Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skills with essential tools and user-friendly guides. Elevate Android security seamlessly!

Stargazers: 141 | Issues: 0

Sudomy

Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting.

Language: Shell | License: MIT | Stargazers: 1950 | Issues: 0

vulnerability-Checklist

This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter.

Stargazers: 2273 | Issues: 0

ronin-vulns

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

Language: Ruby | License: LGPL-3.0 | Stargazers: 58 | Issues: 0

XML-RPC-Check

XML-RPC Vulnerability Checker and Directory Fuzzer

Language: Shell | Stargazers: 23 | Issues: 0

autoreport

autoreport generates bug report templates for security researchers

Language: Python | Stargazers: 21 | Issues: 0

fastr3porter

Auto report generator for bug bounty hunters

Language: Python | Stargazers: 3 | Issues: 0
Language: HTML | Stargazers: 3 | Issues: 0

SQLi-Query-Tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Language: Python | License: Apache-2.0 | Stargazers: 150 | Issues: 0

reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Language: Java | Stargazers: 1 | Issues: 0

ezXSS

ezXSS is an easy way to test (blind) XSS

Language: HTML | License: MIT | Stargazers: 1 | Issues: 0

gitleaks

Searches full repo history for secrets and keys 🔑

Language: Go | License: GPL-3.0 | Stargazers: 1 | Issues: 0

generate-file-upload

Generate some payload to bypass restriction when you perform a file upload

Language: Python | Stargazers: 6 | Issues: 0

XXElixir

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

Language: Python | Stargazers: 68 | Issues: 0

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Language: BitBake | Stargazers: 2 | Issues: 0

KingOfBugBountyTips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.

Stargazers: 1 | Issues: 0

ShoLister

ShoLister is a tool that collects all available subdomains for a specific hostname or organization from Shodan. The tool is designed to be used by penetration testers and bug bounty hunters.

Stargazers: 7 | Issues: 0

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

License: CC-BY-SA-4.0 | Stargazers: 2 | Issues: 0

Diggy

Extract endpoints from apk files.

Language: Shell | License: MIT | Stargazers: 1 | Issues: 0

payloads

Git All the Payloads! A collection of web attack payloads.

Language: Shell | License: GPL-3.0 | Stargazers: 5 | Issues: 0

B-XSSRF

Toolkit to detect and keep track of Blind XSS, XXE & SSRF

Language: PHP | Stargazers: 2 | Issues: 0

weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1

Stargazers: 1 | Issues: 0

XXRF-Shots

XXRF Shots - Useful for testing SSRF vulnerability

Language: JavaScript | License: GPL-3.0 | Stargazers: 74 | Issues: 0

TakeOver-v1

Takeover script extracts the CNAME record of all subdomains at once. TakeOver saves researchers time and increases the chance of finding a subdomain takeover vulnerability.

Language: Shell | License: GPL-3.0 | Stargazers: 101 | Issues: 0

BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

License: MIT | Stargazers: 1 | Issues: 0

scant3r

ScanT3r - Module based Bug Bounty Automation Tool

License: GPL-3.0 | Stargazers: 5 | Issues: 0