Source code for Hacker101.com - a free online web and mobile security class.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A list of resources for those interested in getting started in bug bounties

A list of web application security

A container repository for my public web hacks!

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Awesome Node.js Security resources

A list of all FTP servers in IPv4 that allow anonymous logins.

Fast CORS misconfiguration vulnerabilities scanner🍻

Making Favicon.ico based Recon Great again !

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Web application vulnerability scanner

java source code static code analysis and danger function identify prog

🎯 PHP / ASP - Shell Backdoor List 🎯

Clear all your logs in [linux/windows] servers 🛡️

ScanT3r - Web Security Scanner

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Runs the default Google Lighthouse tests with additional security tests

👨‍🏫 Mike's Web Security Course

Awesome Object Capabilities and Capability Security

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

Security Testing Scripts for JWT

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Python library and CLI for the Bug Bounty Recon API

CS 253 Web Security course at Stanford University