Collection of scripts that I use while bug hunting
☆48Jun 10, 2023Updated 2 years ago
Alternatives and similar repositories for hacks
Users that are interested in hacks are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Tool for testing reflections in the HTTP responses☆60Jun 10, 2023Updated 2 years ago
- XSS payloads for bypassing WAF. This repository is updating continuously.☆10Aug 8, 2021Updated 4 years ago
- ☆100Mar 6, 2023Updated 3 years ago
- About Recon Tools,Methodology and writeups☆18Dec 16, 2023Updated 2 years ago
- All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)☆305Mar 12, 2024Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Hand-made Improved Nuclei Templates!🪴☆13Jun 12, 2023Updated 2 years ago
- My Priv8 Nuclei Templates☆340May 12, 2024Updated last year
- ☆20Apr 5, 2023Updated 2 years ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆374Jul 25, 2023Updated 2 years ago
- Never forget where you inject.☆299Aug 15, 2025Updated 7 months ago
- Supertruder but better☆31Mar 10, 2023Updated 3 years ago
- i will upload more templates here to share with the comunity.☆569Apr 17, 2024Updated last year
- ☆35Aug 15, 2020Updated 5 years ago
- ☆15May 6, 2023Updated 2 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- Stay on the beat with SubHound - receive notifications for new subdomains on Telegram and Discord! 🐶🎵☆17Jun 4, 2023Updated 2 years ago
- Kyuubi is a Telegram bot written in Golang. a multipurpose telegram bot to use in recon process. Don't you have access to terminal to do …☆12Oct 11, 2023Updated 2 years ago
- DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE☆27Nov 28, 2021Updated 4 years ago
- A tool to extract all the urls and paths found in the content of a page (js sources included)☆22Aug 8, 2025Updated 7 months ago
- Fetch Javascript sourcemaps, bounty hunter style☆42May 21, 2023Updated 2 years ago
- ☆17Sep 15, 2023Updated 2 years ago
- Basic Bash Script to scrape all subdomains from crtsh in a single run☆19May 23, 2022Updated 3 years ago
- AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extrac…☆133Feb 27, 2024Updated 2 years ago
- Authorization-Nuclei-Templates☆39Sep 16, 2024Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Xssor.go is a xss reflections checker for urls☆72Mar 22, 2023Updated 3 years ago
- ☆66Aug 25, 2021Updated 4 years ago
- A powerful Burp Suite extension that imports Postman collections☆31Aug 1, 2025Updated 7 months ago
- JSNotify is a Python script designed to monitor JavaScript files in a specified directory for changes. This tool can be used by developer…☆18Nov 15, 2023Updated 2 years ago
- ☆60Oct 9, 2024Updated last year
- A path-normalization pentesting tool.☆153Jan 22, 2026Updated 2 months ago
- Quickly generate context-specific wordlists for content discovery from lists of URLs or paths☆238May 4, 2022Updated 3 years ago
- A comprehensive reconnaissance and vulnerability scanning tool that combines multiple security assessment capabilities into a single auto…☆26Jun 24, 2025Updated 9 months ago
- Yet Another 403 Bypass Tool☆12Feb 19, 2023Updated 3 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be …☆60May 10, 2022Updated 3 years ago
- A curated list of daily learnings, writeups, blogs, tips and everything related to hacking☆12Feb 5, 2023Updated 3 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,503Jan 8, 2026Updated 2 months ago
- The Serverless Blind XSS App☆338Feb 21, 2026Updated last month
- Astra is a tool to find URLs and secrets inside a webpage/files☆212Mar 14, 2023Updated 3 years ago
- Search for sensitive data in Postman public library. Original work from https://github.com/cosad3s/postleaks☆30Feb 13, 2026Updated last month
- Open-Source Phishing Toolkit☆20May 23, 2021Updated 4 years ago