A fast, simple, recursive content discovery tool written in Rust.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Solve Google reCAPTCHA in less than 5 seconds! 🚀

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.

Most advanced XSS scanner.

SSL bypass check

Rockyou for web fuzzing

NucleiFuzzer is a robust automation tool designed for efficiently detecting web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enum…

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1400多个poc/exp，长期更新。

Nmap script that scans for probable vulnerabilities based on services discovered in open ports.

A script to scan domains for API endpoints, keys, and sensitive data

Community curated list of templates for the nuclei engine to find security vulnerabilities.

CeWL is a Custom Word List Generator

OneForAll是一款功能强大的子域收集工具

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Automatic SSTI detection tool with interactive interface

Wordlists for content discovery with special words in different languages