Mohammad Mukarram's repositories
api_wordlist
A wordlist of API names for web application assessments
Authorization-Nuclei-Templates
Authorization-Nuclei-Templates
AutoRecon
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
behind-this-website
Checklist for investigating the provenance and ownership of websites.
Blind-XSS-Manager
Never forget where you inject.
BugBountyBooks
A collection of PDF/books about the modern web application security and bug bounty.
burp-dom-scanner
Burp Suite's extension to scan and crawl Single Page Applications
Burp-Suite-Certified-Practitioner-Exam-Study
Burp Suite Certified Practitioner Exam Study
burpsuite-js-extractor
A simple plugin to export JS files from one or multiple targets
crsbf
Brute Force subdomains with a list of custom DNS records.
cut-cdn
✂️ Removing CDN IPs from the list of IP addresses
cve
Gather and update all available and newest CVEs with their PoC.
Dependency-Confusion
All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)
git-dumper
A tool to dump a git repository from a website
HBSQLI
Automated Tool for Testing Header Based Blind SQL Injection
LinkFinder
A python script that finds endpoints in JavaScript files
osint_stuff_tool_collection
A collection of several hundred online tools for OSINT
PortSwigger-Academy-CheatSheets
This repository contains cheatsheets and payloads compiled from completing the labs at PortSwigger Academy.
pwn-machine
The Pwning Machine
QueryXSS---hacks
Collection of scripts that I use while bug hunting
recollapse
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
revwhoix
A simple utility to perform reverse WHOIS lookups using whoisxml API
s3cXSSer
This extension will help you to detect GET/POST based XSS vulnerability in any website easily
Subenum_deep_subdomain_enumeration
In this repo, I have created a subdomain enumeration function that grab subdomains in deep.
trufflehog
Find credentials all over the place
userefuzz
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
x8
Hidden parameters discovery suite
XSS-Payloads-1
List of XSS Vectors/Payloads