This is your work, valued

'-confirm `1`-'

<button value=1>1

Elite
@zeroc00I

Because real attackers don't need to be sophisticated. They just need to be trusted.

AllVideoPocsFromHackerOne. This script grab public report from hacker one and make some folders with poc videos

924

ReconNotes. Just some public notes that can be useful and i want let the world knows.

92

BashitRecon. A collection of famous recon public scripts, but in bash <3

30

zeroapk. Shell

18

the-book-of-secret-knowledge. A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

13

AEMusefulKnowledges.

10

zfavalive. Python

8

subs_all. Subdomain Enumeration Wordlist. 8956437 unique words. Updated.

7

google_free_proxy. A simple script to GET pages through 6 Google Servers without any authentication

6

VirtualAndroidToBugHunt. Just steps that you have to follow in order to be able to do bughunt in app enviroment

6

keyhacks. Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

6

CVE-2022-34305.

5

spiderKing. Shell

5

eternalnoobchallenges. This repository contains some challenges made to the understanding of how exploit some scenarios where there are security vulnerabilities and help to think about how to mitigate them =)

5

Android-Reports-and-Resources. A big list of Android Hackerone disclosed reports and other resources.

4

mssql_danger_functionalities_and_misconfigurations.

4

reclame_aqui_scrapper. .

3

navgix. navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities

3

im_blockchain_begginer.

3

titaniumDigger. Python

3

censys-subdomain-finder-non-api. Using censys to find subdomains but without the APIs just scrapping

2

CEH. Notes for CEH v10 exam (source code)

2

rusolver. Fast DNS resolver written in Rust.

2

BurpSuite_403Bypasser. Burpsuite Extension to bypass 403 restricted directory

2

scripts-2. collection of testing scripts

2

asn. ASN/IPv4/IPv6/Prefix/AS Path lookup tool

2

DNS-exfiltration-using-blind-xss-. These payloads will help u in your blind xss dumping cookies through dns exfiltration using subdomain dns queries

2

test_github_action.

2

Fake-Reverse-Shell. A Python script to hack the hacker by trolling him while expecting a reverse shell

2

zerostore. A FireStore automation for pentesters

1

ztelegramDownloader. Python

1

jxscout. jxscout superpowers JavaScript analysis for security researchers

1

jdam.

1

VhostFinder. Identify virtual hosts by similarity comparison

1

FlaskRedis. enhancing my skill assets with python

1

InjuredAndroid. A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

1

EVABS. An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

1

awesome-api-security. A collection of awesome API Security tools and resources.

1

certex. monitors certificate transparency logs

1

AWS-IAM-Privilege-Escalation. A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

1

Drupal4Dummies. Python

1

qsinject. qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.

1

cve-2025-29927. JavaScript

1

31-days-of-API-Security-Tips. This challenge is Inon Shkedy's 31 days API Security Tips.

1

Awesome-WAF. 🔥 Everything you'll need to know about web-application firewalls (WAF).

1

Oblivion. Data leak checker & OSINT Tool

1

Bug-Bounty-Wordlists. HTML

1

HINTS. Python

1

CVE-2021-09-03. Just testing if some bot will do some action here LOL

1

Galaxy-Bugbounty-Checklist. Tips and Tutorials for Bug Bounty and also Penetration Tests.

1

zeroc00i.github.io. SCSS

1

Interlace. Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

1

xssXD. Go

1

BurpBounty. Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

1

Bug-Bounty-Toolz. BBT - Bug Bounty Tools

1

Shodanfy.py. Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate-limit!)

1

CT_subdomains. An hourly updated list of subdomains gathered from certificate transparency logs

1

unfurl. Pull out bits of URLs provided on stdin

1

XSpear. Powerfull XSS Scanning and Parameter analysis tool&gem

1

awesome-oneliner-bugbounty. A collection of awesome one-liner scripts especially for bug bounty tips.

1