m4ll0k

SecretFinder

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

BBTz

BBT - Bug Bounty Tools (examples💡)

Atlas

Quick SQLMap Tamper Suggester

Awesome-Bugbounty-Writeups

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

hacks

A collection of hacks and one-off scripts

GitDorker

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

OneListForAll

Rockyou for web fuzzing

dirsearch

Web path scanner

PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

gsd-database

Global Security Database

bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti and Immunefi!

PayloadsAllThePDFs

PDF Files for Pentesting

confused

Tool to check for dependency confusion vulnerabilities in multiple package management systems

gmapsapiscanner

Holmes

Website FingerPrint Recognition

youzai

基于Golang开发的WEB漏洞扫描器

cve

Gather and update all available and newest CVEs with their PoC.

reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

fingerprint

各种工具指纹收集分享

HackerzHat

cve-schema

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

FingerprintHub

侦查守卫(ObserverWard)的指纹库

intrigue-core

Discover Your Attack Surface!

intrigue-ident

Application and Service Fingerprinting

jaeles-signatures

Default signature for Jaeles Scanner

misp-warninglists

Warning lists to inform users of MISP about potential false-positives or other information in indicators

nowafpls

Burp Plugin to Bypass WAFs through the insertion of Junk Data

domloggerpp

m4ll0k.github.io

m4ll0k blog