Life is short .. hack it! || m4ll0k@pm.me
SecretFinder. SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
2.5kBBTz. BBT - Bug Bounty Tools (examples💡)
1.9kAtlas. Quick SQLMap Tamper Suggester
1.4kautobreakpointer. Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code
94Awesome-Bugbounty-Writeups. A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
44PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
21hacks. A collection of hacks and one-off scripts
18OneListForAll. Rockyou for web fuzzing
15PayloadsAllThePDFs. PDF Files for Pentesting
15GitDorker. A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
14dirsearch. Web path scanner
12bbscope. Scope gathering tool for HackerOne, Bugcrowd, Intigriti and Immunefi!
9PoC-in-GitHub. 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
8gsd-database. Global Security Database
8LinkFinder. A python script that finds endpoints in JavaScript files
6XSS-Bypass-Filters.
6youzai. 基于Golang开发的WEB漏洞扫描器
6Holmes. Website FingerPrint Recognition
6cve. Gather and update all available and newest CVEs with their PoC.
6confused. Tool to check for dependency confusion vulnerabilities in multiple package management systems
5reapoc. OpenSource Poc && Vulnerable-Target Storage Box.
5gmapsapiscanner. Python
5system-prompts-and-models-of-ai-tools. FULL v0, Cursor, Manus, Same.dev, Lovable, Devin, Replit Agent, Windsurf Agent & VSCode Agent (And other Open Sourced) System Prompts, Tools & AI Models.
3nowafpls. Burp Plugin to Bypass WAFs through the insertion of Junk Data
3hacker0x01.github.io. HTML
3HackerzHat. Python
3projmem. Drift-aware code memory for AI agents
3shhgit. Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
2ChatGPT-Micro-Cap-Experiment. This repo powers my blog experiment where ChatGPT manages a real-money micro-cap stock portfolio.
2intrigue-core. Discover Your Attack Surface!
2fingerprint. 各种工具指纹收集分享
2khoj. Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous AI (gpt, claude, gemini, llama, qwen, mistral). Get started - free.
2FingerprintHub. 侦查守卫(ObserverWard)的指纹库
2OpenHands. 🙌 OpenHands: Code Less, Make More
1n8n. Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
1Immunefi-bug-bounty-writeups-list. curation of all(most) immunefi bug bounty writeups I could find(till now)
1gitleaks. Protect and discover secrets using Gitleaks 🔑
1http-garden. Differential fuzzing REPL for HTTP implementations.
1L1B3RT4S. TOTALLY HARMLESS LIBERATION PROMPTS FOR GOOD LIL AI'S
1trufflehog. Find, verify, and analyze leaked credentials
1cve-schema. This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.
1misp-warninglists. Warning lists to inform users of MISP about potential false-positives or other information in indicators
1jaeles-signatures. Default signature for Jaeles Scanner
1intrigue-ident. Application and Service Fingerprinting
1