Italy (Rimini)

m4ll0k (mallok)

Elite
@m4ll0k

Life is short .. hack it! || m4ll0k@pm.me

SecretFinder. SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

2.5k

BBTz. BBT - Bug Bounty Tools (examples💡)

1.9k

Atlas. Quick SQLMap Tamper Suggester

1.4k

autobreakpointer. Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code

94

Awesome-Bugbounty-Writeups. A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

44

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

21

hacks. A collection of hacks and one-off scripts

18

OneListForAll. Rockyou for web fuzzing

15

PayloadsAllThePDFs. PDF Files for Pentesting

15

GitDorker. A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

14

dirsearch. Web path scanner

12

bbscope. Scope gathering tool for HackerOne, Bugcrowd, Intigriti and Immunefi!

9

PoC-in-GitHub. 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

8

gsd-database. Global Security Database

8

LinkFinder. A python script that finds endpoints in JavaScript files

6

XSS-Bypass-Filters.

6

youzai. 基于Golang开发的WEB漏洞扫描器

6

Holmes. Website FingerPrint Recognition

6

cve. Gather and update all available and newest CVEs with their PoC.

6

confused. Tool to check for dependency confusion vulnerabilities in multiple package management systems

5

reapoc. OpenSource Poc && Vulnerable-Target Storage Box.

5

gmapsapiscanner. Python

5

system-prompts-and-models-of-ai-tools. FULL v0, Cursor, Manus, Same.dev, Lovable, Devin, Replit Agent, Windsurf Agent & VSCode Agent (And other Open Sourced) System Prompts, Tools & AI Models.

3

nowafpls. Burp Plugin to Bypass WAFs through the insertion of Junk Data

3

hacker0x01.github.io. HTML

3

HackerzHat. Python

3

projmem. Drift-aware code memory for AI agents

3

shhgit. Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

2

ChatGPT-Micro-Cap-Experiment. This repo powers my blog experiment where ChatGPT manages a real-money micro-cap stock portfolio.

2

intrigue-core. Discover Your Attack Surface!

2

fingerprint. 各种工具指纹收集分享

2

khoj. Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous AI (gpt, claude, gemini, llama, qwen, mistral). Get started - free.

2

FingerprintHub. 侦查守卫(ObserverWard)的指纹库

2

OpenHands. 🙌 OpenHands: Code Less, Make More

1

n8n. Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

1

Immunefi-bug-bounty-writeups-list. curation of all(most) immunefi bug bounty writeups I could find(till now)

1

gitleaks. Protect and discover secrets using Gitleaks 🔑

1

http-garden. Differential fuzzing REPL for HTTP implementations.

1

L1B3RT4S. TOTALLY HARMLESS LIBERATION PROMPTS FOR GOOD LIL AI'S

1

trufflehog. Find, verify, and analyze leaked credentials

1

cve-schema. This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

1

misp-warninglists. Warning lists to inform users of MISP about potential false-positives or other information in indicators

1

jaeles-signatures. Default signature for Jaeles Scanner

1

intrigue-ident. Application and Service Fingerprinting

1
44
Apply