Skip to content
View m0chan's full-sized avatar
💭
Hacking
💭
Hacking
1.3k followers · 14 following

Achievements

Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Achievements

Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Highlights

  • Pro

Block or report m0chan

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Stars

28 stars written in JavaScript
Clear filter

denysdovhan / wtfjs

🤪 A list of funny and tricky JavaScript examples

JavaScript 37,766 2,688 Updated Mar 18, 2025

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

JavaScript 20,600 3,610 Updated Mar 17, 2026

cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

JavaScript 16,769 829 Updated Mar 14, 2026

its-a-feature / Mythic

A collaborative, multi-platform, red teaming framework

JavaScript 4,368 572 Updated Mar 19, 2026

DO-SAY-GO / dn

💾 dn - offline full-text search and archiving for your Chromium-based browser.

JavaScript 3,896 150 Updated Mar 4, 2026

m0bilesecurity / RMS-Runtime-Mobile-Security

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

JavaScript 2,985 404 Updated Mar 18, 2026

kgretzky / pwndrop

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

JavaScript 2,243 286 Updated Feb 25, 2023

Ch0pin / medusa

Mobile Edge-Dynamic Unified Security Analysis

JavaScript 2,198 296 Updated Mar 19, 2026

httptoolkit / frida-interception-and-unpinning

Frida scripts to rewrite mobile applications at runtime to directly MitM all HTTPS traffic

JavaScript 2,031 270 Updated Mar 18, 2026

mandatoryprogrammer / CursedChrome

Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

JavaScript 1,701 250 Updated Oct 26, 2024

hakluke / weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1

JavaScript 1,394 228 Updated Sep 12, 2023

fransr / postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

JavaScript 1,296 190 Updated Jan 26, 2024

JoelGMSec / EvilnoVNC

Ready to go Phishing Platform

JavaScript 1,117 207 Updated May 6, 2025

nttgin / BGPalerter

BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more.

JavaScript 979 168 Updated Feb 15, 2026

RenwaX23 / XSSTRON

Electron JS Browser To Find XSS Vulnerabilities Automatically

JavaScript 748 122 Updated Mar 30, 2021

mandatoryprogrammer / JudasDNS

Nameserver DNS poisoning attacks made easy

JavaScript 524 92 Updated Feb 26, 2017

ivan-sincek / android-penetration-testing-cheat-sheet

Work in progress...

JavaScript 472 72 Updated Feb 24, 2026

pwndoc-ng / pwndoc-ng

Pentest Report Generator

JavaScript 450 111 Updated Oct 23, 2025

m0bilesecurity / Frida-Mobile-Scripts

Collection of useful FRIDA Mobile Scripts

JavaScript 426 115 Updated Aug 10, 2021

al-sultani / url-tracker

Change monitoring app that checks the content of web pages in different periods.

JavaScript 358 58 Updated Feb 21, 2026

koenbuyens / Vulnerable-OAuth-2.0-Applications

vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.

JavaScript 328 77 Updated Mar 27, 2024

benso-io / posta

🐙 Cross-document messaging security research tool powered by https://enso.security

JavaScript 301 38 Updated May 22, 2023

jobertabma / transformations

JavaScript 172 21 Updated Jan 26, 2023

NikhilPanwar / secrets-ninja

Secrets Ninja is an GUI tool for validating & investigating API keys discovered during pentesting & bug bounty hunting.

JavaScript 159 21 Updated Mar 5, 2026

jfmaes / phisherman

A real fake social engineering app

JavaScript 131 24 Updated Jul 13, 2025

its-a-feature / Orchard

JavaScript for Automation (JXA) tool to do Active Directory enumeration.

JavaScript 107 14 Updated Feb 19, 2022

hoodoer / WP-XSS-Admin-Funcs

JavaScript functions intended to be used as an XSS payload against a WordPress admin account.

JavaScript 56 11 Updated Oct 6, 2020

pdstat / graphqlextractor

Extract GraphQL operations from javascript

JavaScript 23 2 Updated Mar 18, 2026