A User Defined function written in C for PostgreSQL Extensions, can be compiled as DLL for RCE on windows machines.

Vandalize old emails. Like an NFT that's easy to prove ownership of.

PHP tool that takes screenshots of a given ips/ports combo list and then try to guess the service.

Graphql introspection query analyzer.

Alternative to XSS Hunter for blind XSS.

Extract data from a .git directory.

Analyze Content-Security-Policy header of a given URL.

Never ever ever use pixelation as a redaction technique

Prototype Pollution using `flat` with Next.js

A very simple lab for cracking Flask session cookies

This extension replaces the default repeater tab name with the URL path of the repeater request.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dy…

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

A rapid API for the Project Sonar dataset

sub domain wild card filtering tool

Take a list of IP addresses and probe for working HTTP and HTTPS servers

A set of recipes useful in pentesting and red teaming scenarios

Network footprint scanner platform. Discover domains and run your custom checks periodically.

Hands-on content for Humla/Puliya sessions at null community

Shodan subdomain finder

An automated target reconnaissance pipeline.

Pentester-focused Docker registry tool to enumerate and pull images

Ressources for bug bounty hunting

Reconstruct javascript from a sourcemap in bash