w9w / JSA
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
☆313Updated last year
Related projects: ⓘ
- Burp extension to create target specific and tailored wordlist from burp history.☆228Updated 2 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆287Updated last year
- Burp Extension for easily creating Wordlists☆208Updated 2 years ago
- Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations☆328Updated 4 years ago
- Unofficial documentation for the great tool Param Miner☆169Updated 2 years ago
- Quickly generate context-specific wordlists for content discovery from lists of URLs or paths☆213Updated 2 years ago
- Secret and/or credential patterns used for gf.☆229Updated last year
- List of reporting templates I have used since I started doing BBH.☆226Updated this week
- IIS shortname scanner written in Go☆299Updated last year
- De-clutter a list of URLs☆307Updated 5 months ago
- ☆157Updated this week
- Nuclei templates written by us.☆263Updated 3 years ago
- ☆282Updated 2 years ago
- Turbo Intruder Scripts☆214Updated 4 years ago
- List of fresh DNS resolvers updated daily☆107Updated last year
- Js File Scanner☆159Updated 2 years ago
- Prototype pollution scanner using headless chrome☆196Updated 2 years ago
- Gotator is a tool to generate DNS wordlists through permutations.☆445Updated 2 years ago
- An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.☆206Updated 3 years ago
- A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate☆204Updated 2 months ago
- Finding XSS during recon☆245Updated 2 years ago
- ☆142Updated last year
- ☆192Updated this week
- Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, al…☆176Updated 3 years ago
- Poor (rich?) man's bug bounty pipeline https://dubell.io☆267Updated last year
- Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]☆212Updated 3 weeks ago
- A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way t…☆227Updated 2 years ago
- ☆128Updated last year
- CT Log Scanner☆241Updated 3 months ago
- A reverse whois tool based on Whoxy API.☆156Updated 5 months ago