Fast subdomains enumeration tool for penetration testers

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and re…

Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs).

OSINT tools for Information gathering, Cybersecurity, Reverse searching, bugbounty, trust and safety, red team oprations and more.

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp /…

eBPF-based Networking, Security, and Observability

Cloudflare, Sucuri, Incapsula real IP tracker.

CasaOS - A simple, easy-to-use, elegant open-source Personal Cloud system.

WhatsApp tools for Android

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Self-contained script for cleaning forensic traces on Linux, macOS, and Windows.

Fast passive subdomain enumeration tool.

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

This Repository is a collection of different ethical hacking tools and malware's for penetration testing and research purpose written in python, ruby, rust, c++, go and c.

Automation for javascript recon in bug bounty.

🔍 Bug Bounty Search Engine - Advanced reconnaissance toolkit with 64+ Google dork queries organized into 10 categories for security researchers. Features subdomain discovery, exposed files detectio…

HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac 🎉 Open an issue here to give feedback or ask for help.

Open-source security research tool for identifying origin IP exposure of websites protected by Cloudflare and similar reverse proxy services.

FlipperDroid is a Kotlin-based Android app that turns your smartphone into a powerful mobile cybersecurity toolkit, emulating Flipper Zero features like NFC, RFID, Bluetooth, BadUSB, and more.

Depix is a PoC for a technique to recover plaintext from pixelized screenshots.

A Magisk, KernelSU and APatch module that enables unix-style (verbose) boot animation for Android devices

An NFC research toolkit application for Android

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Simple, open source, lightweight and privacy-friendly web analytics alternative to Google Analytics.

Frida script bypass detect emulator using framgia library on Android application

Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator.

An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.

A list of articles, videos, and tools related to the use of AI for OSINT.