dslusser

AnimatedDrawings

Code to accompany "A Method for Animating Children's Drawings of the Human Figure"

piko

An open-source alternative to Ngrok, designed to serve production traffic and be simple to host (particularly on Kubernetes)

MagiskTrustUserCerts

A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

byp4xx

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

ds_store_exp

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

pentest-bookmarks

a collection of handy bookmarks

caido

🚀 Caido releases, wiki and roadmap

recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

google-dorks

Useful Google Dorks for WebSecurity and Bug Bounty

zdns

Fast DNS Lookup Library and CLI Tool

GoogleRecaptchaBypass

Solve Google reCAPTCHA in less than 5 seconds! 🚀

http-request-smuggling

HTTP Request Smuggling Detection Tool

Python-dsstore

A library for parsing .DS_Store files and extracting file names

vanilla-calendar-pro

Vanilla Calendar is a versatile JavaScript date and time picker with TypeScript support, making it compatible with any JavaScript framework or library. It is designed to be lightweight, simple to use, and feature-rich without relying on external dependencies.

xss_vibes

A modern tool written in Python that automates your xss findings.

awsScrape

A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.

js-x-ray

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

cstc

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

knoxnl

This is a python wrapper around the amazing KNOXSS API by Brute Logic

Forbidden-Buster

A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk.

forbiddenpass

workflows

🛠️ Workflows created by the community

burp2caido

A tool to migrate Burpsuite HTTP history to Caido.

sus_params

EvenBetterExtensions

EvenBetterExtensions allows you to quicky install and keep updated Caido extensions.

postmessage-vulnerability-demo

HTML source files demonstrating HTML5 postmessage vulnerabilities

CaidoReflector

Automatically look for paramater reflections in the HTTP response

detect-cve-2024-4367

YARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js

EvenBetterAPI

EvenBetterAPI is a API that is used in the EvenBetter Caido frontend plugin. It allows you to create custom components, listen to custom events and more.