vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A fast DOM based XSS vulnerability scanner with simplicity.

A curated list of blockchain security Capture the Flag (CTF) competitions

It grep subdomains, wordlist, email/username etc from gau results

Find credentials all over the place

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

Prototype Pollution and useful Script Gadgets

A wordlist of API names for web application assessments

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Insecure Firebase | Bugbounty | Hacking Insecure Firbase

HTTP parameter discovery suite.

A repository that includes all the important wordlists used while bug hunting.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests and bug bounty.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Starter files, final projects and FAQ for my Complete JavaScript course