Hunt down social media accounts by username across social networks

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

Automatic SQL injection and database takeover tool

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

🤖 The Modern Port Scanner 🤖

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Fast web fuzzer written in Go

A collection of hacking tools, resources and references to practice ethical hacking.

Web path scanner

articles

Directory/File, DNS and VHost busting tool written in Go

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

hydra

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Attack Surface Management Platform

The recursive internet scanner for hackers. 🧡

A list of public penetration test reports published by several consulting firms and academic security groups.

An HTTP toolkit for security research.

A swiss army knife for pentesting networks

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Useful tool to track location or mobile number

You Know, For WEB Fuzzing !