Collection of documentation, tools, and tips related to vulnerability research.
☆94Jul 13, 2026Updated this week
Alternatives and similar repositories for vulnerability-research
Users that are interested in vulnerability-research are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- My ATO Via Password Reset Methodology☆53May 13, 2026Updated 2 months ago
- Stealth hybrid URL mapper☆17May 1, 2026Updated 2 months ago
- My Main App Hacking CheckList☆31Jun 20, 2026Updated 3 weeks ago
- BountyLens MCP server — connect Claude Code to your Hunter Tracker☆64Jun 22, 2026Updated 3 weeks ago
- NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF☆75May 15, 2026Updated 2 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A tool for detecting subdomain takeover vulnerabilities by checking DNS records☆33May 28, 2026Updated last month
- Malleable Caddy Redirector☆17Apr 24, 2026Updated 2 months ago
- Replay any request as another user to find IDOR/BOLA/BFLA, right in the browser.☆26Jun 16, 2026Updated 3 weeks ago
- A tool to generate wordlists based on case☆30Nov 24, 2025Updated 7 months ago
- ☆45Sep 25, 2025Updated 9 months ago
- An Automated Framework for End-to-End Blind XSS Detection and Reporting☆17Jan 23, 2026Updated 5 months ago
- Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traff…☆18Jul 7, 2026Updated last week
- Open-source passive reconnaissance and exposure discovery tool that leverages VirusTotal and the Wayback Machine to uncover subdomains, U…☆146Jun 23, 2026Updated 3 weeks ago
- How To approach recon on real targets — from passive enumeration to origin IP discovery. Covers tools, automation, and the logic behind e…☆324Jul 5, 2026Updated last week
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Security AI helper for Caido: pipes your local Claude Code / Gemini / Codex / Copilot CLI through 18 MCP tools for manual web security te…☆37Jun 26, 2026Updated 2 weeks ago
- AI-Powered Agents for Bub-Bounty Pentesting and Red-Teaming purposes☆342Apr 30, 2026Updated 2 months ago
- Autonomous Bug Bounty Hunting Framework powered by Claude Code. 20 AI agents, state-machine orchestration, Burp Suite MCP, credential vau…☆52May 19, 2026Updated last month
- ☆96May 11, 2026Updated 2 months ago
- Bug bounty methodology, checklists, and hunting notes.☆21Updated this week
- ☆157Jan 22, 2026Updated 5 months ago
- ☆20Updated this week
- All-round bug bounty skill for Claude Code parallelized agents for smart contract audits (EVM, Move, Solana, TRON), web/API security, an…☆174Updated this week
- Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection☆14Nov 1, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- The malicious IdP you were looking for. A weaponized Single Sign-On (SSO) Identity Provider (IdP) for security testing of OIDC and SAML 2…☆38Jun 6, 2026Updated last month
- A Fuzzing skill based on purely what i know.☆39Jun 3, 2026Updated last month
- Search for all leaked keys/secrets using one regex! bugbounty☆241Mar 29, 2025Updated last year
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 8 months ago
- Get acquisitions by scraping titles of crunchbase.☆16Dec 18, 2024Updated last year
- PenTest and BugBounty 🕵️☆15Updated this week
- A comprehensive WordPress vulnerability scanner and exploitation framework for authorized penetration testing. This tool automatically de…☆70May 21, 2026Updated last month
- Agent skills to find and fix software bugs☆153Updated this week
- React Shell & Next.js RSC Exploit Tool (CVE-2025-55182)☆253Dec 12, 2025Updated 7 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- JSBerg is a fast and efficient URL scraper that extracts links, JavaScript files, CSS files, images, and inline URLs from a list of websi…☆24Mar 19, 2025Updated last year
- RepShot · Generate professional security finding cards directly from Burp Suite Repeater.☆97May 31, 2026Updated last month
- Port scanning is crucial in recon, but running it manually on big scopes? Nope. That’s why I made Nmap Bomber a Python script that runs f…☆43Jul 31, 2025Updated 11 months ago
- Curated Linux LPE corpus — 28 modules from 2016 to 2026, with detection rules. One command, safest-first root: skeletonkey --auto --i-kno…☆16Updated this week
- Dump Linux keyrings☆24Jul 15, 2024Updated last year
- ☆16Oct 14, 2022Updated 3 years ago
- A Caido plugin to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆42Apr 8, 2026Updated 3 months ago