Collection of scripts that I use while bug hunting
☆47Jun 10, 2023Updated 3 years ago
Alternatives and similar repositories for hacks
Users that are interested in hacks are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Tool for testing reflections in the HTTP responses☆60Jun 10, 2023Updated 3 years ago
- XSS payloads for bypassing WAF. This repository is updating continuously.☆10Aug 8, 2021Updated 4 years ago
- ☆100Mar 6, 2023Updated 3 years ago
- About Recon Tools,Methodology and writeups☆18Dec 16, 2023Updated 2 years ago
- All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)☆305Mar 12, 2024Updated 2 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Hand-made Improved Nuclei Templates!🪴☆13Jun 12, 2023Updated 3 years ago
- ☆19Apr 5, 2023Updated 3 years ago
- My Priv8 Nuclei Templates☆343May 12, 2024Updated 2 years ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆376Jul 25, 2023Updated 2 years ago
- Never forget where you inject.☆302Aug 15, 2025Updated 10 months ago
- Supertruder but better☆31Mar 10, 2023Updated 3 years ago
- i will upload more templates here to share with the comunity.☆572Apr 17, 2024Updated 2 years ago
- ☆35Aug 15, 2020Updated 5 years ago
- ☆15May 6, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Stay on the beat with SubHound - receive notifications for new subdomains on Telegram and Discord! 🐶🎵☆17Jun 4, 2023Updated 3 years ago
- DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE☆28Nov 28, 2021Updated 4 years ago
- A tool to extract all the urls and paths found in the content of a page (js sources included)☆22Aug 8, 2025Updated 10 months ago
- Fetch Javascript sourcemaps, bounty hunter style☆46May 21, 2023Updated 3 years ago
- ☆17Sep 15, 2023Updated 2 years ago
- Basic Bash Script to scrape all subdomains from crtsh in a single run☆19May 23, 2022Updated 4 years ago
- AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extrac…☆133Feb 27, 2024Updated 2 years ago
- Authorization-Nuclei-Templates☆39Sep 16, 2024Updated last year
- Xssor.go is a xss reflections checker for urls☆73Mar 22, 2023Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A powerful Burp Suite extension that imports Postman collections☆31Aug 1, 2025Updated 10 months ago
- ☆66Aug 25, 2021Updated 4 years ago
- JSNotify is a Python script designed to monitor JavaScript files in a specified directory for changes. This tool can be used by developer…☆18May 30, 2026Updated 2 weeks ago
- A path-normalization pentesting tool.☆154Apr 2, 2026Updated 2 months ago
- ☆60Oct 9, 2024Updated last year
- Yet Another 403 Bypass Tool☆12Feb 19, 2023Updated 3 years ago
- A comprehensive reconnaissance and vulnerability scanning tool that combines multiple security assessment capabilities into a single auto…☆27Jun 24, 2025Updated 11 months ago
- Quickly generate context-specific wordlists for content discovery from lists of URLs or paths☆240May 4, 2022Updated 4 years ago
- A curated list of awesome projects, libraries, and tools for MedSec.☆19Mar 22, 2019Updated 7 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be …☆60May 10, 2022Updated 4 years ago
- A curated list of daily learnings, writeups, blogs, tips and everything related to hacking☆12Feb 5, 2023Updated 3 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,519Jan 8, 2026Updated 5 months ago
- The Serverless Blind XSS App☆338Mar 28, 2026Updated 2 months ago
- Astra is a tool to find URLs and secrets inside a webpage/files☆211Mar 14, 2023Updated 3 years ago
- Search for sensitive data in Postman public library. Original work from https://github.com/cosad3s/postleaks☆33Feb 13, 2026Updated 4 months ago
- Open-Source Phishing Toolkit☆20May 23, 2021Updated 5 years ago