Web-Security on HackyFeed

AllHackingTools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: AllHackingTools is a penetration testing toolkit designed for Termux that automates the installation and management of various hacking tools. Its primary use case is to facilitate the setup and customization of a hacking environment on Termux, allowing users to quickly download and run tools directly from the interface. Notable features include an updated installer with enhanced design elements, streamlined updating capabilities, and improved system stability.

README

• License • Issues • Project • Wikipedia •

Attiny85

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The DigiSpark Attiny85 repository provides a cost-effective alternative to Rubber Ducky, enabling users to program the Attiny85 to function as a Human Interface Device (HID) that sends keystrokes to a computer. It includes various pre-built payloads such as a Wi-Fi password stealer, UAC bypass, and keylogger, allowing for a range of offensive actions from data exfiltration to system exploitation. Users can easily set up their development environment and execute these payloads using the Arduino IDE.

awesome-bugbounty-tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Awesome Bug Bounty Tools is a comprehensive, curated repository of various tools utilized in the bug bounty hunting and penetration testing process. It encompasses a wide range of categories including reconnaissance, exploitation, and miscellaneous utilities, featuring tools for tasks such as subdomain enumeration, various injection techniques, and vulnerability scanning. With an extensive selection of resources, this repository aims to streamline the bug hunting workflow for security professionals.

README

Awesome Bug Bounty Tools

A curated list of various bug bounty tools

awesome-web-hacking

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “awesome-web-hacking” repository serves as a comprehensive resource for individuals seeking to enhance their knowledge of web application security. It includes categorized lists of books, documentation, tools, cheat sheets, and educational courses, making it a valuable starting point for learning about penetration testing and various security vulnerabilities. Notable features include contributions from the community through pull requests and a diverse array of resources for both beginners and experienced security professionals.

bashbunny-payloads

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Bash Bunny Payload Library provides a collection of community-developed payloads and extensions specifically designed for the Hak5 Bash Bunny, utilizing DuckyScript™ and Bash scripting languages. Its primary use case is to enable users to automate various tasks through the intuitive deployment of scripts, with notable features including community contributions and the ability to submit new payloads via pull requests. Additionally, the repository encourages collaboration and offers resources for building payloads through its associated PayloadStudio.

BlackWidow

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: BlackWidow is a Python-based web application spider designed for gathering critical information from target websites, including subdomains, URLs, dynamic parameters, email addresses, and phone numbers. It features an integrated fuzzer, Inject-X, which scans dynamic URLs for common OWASP vulnerabilities, and automatically saves collected data into organized text files. Notable functionalities include deep crawling with customizable levels, verbose logging, and support for fuzzing unique parameters for enhanced security testing.

burp-ai-agent

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Burp AI Agent is an extension for Burp Suite that enhances security testing workflows by integrating AI capabilities. It supports multiple AI backends, allowing users to run both passive and active vulnerability scans across a wide array of vulnerability classes, while featuring options for privacy settings and audit logging for compliance. Additionally, it can connect to external AI agents via the MCP, enabling autonomous operation and enriching the security analysis process.

Burp-Suite-Certified-Practitioner-Exam-Study

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Burp Suite Certified Practitioner Exam Study repository contains comprehensive study notes and practical labs designed to aid candidates in preparing for the Burp Suite Certified Practitioner (BSCP) Exam. It includes over 110 labs covering essential topics such as scanning, footholds, privilege escalation, and data exfiltration, alongside practical techniques and scripts tailored for effective web application security testing. Notable features include a structured approach to vulnerability assessment and recommendations for additional training materials and resources to enhance exam readiness.

BurpBounty

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Burp Bounty is a Burp Suite extension designed to enhance both active and passive scanning capabilities by allowing users to create personalized scanning rules through an intuitive graphical interface. The tool offers advanced pattern search and payload improvement features to build custom issue profiles, catering to automated and manual penetration testing workflows. A notable aspect is the availability of profiles shared by the community, which further augments its functionality.

BurpCrypto

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: BurpCrypto is a collection of encryption plugins for Burp Suite, supporting multiple encryption algorithms including AES, RSA, and DES, as well as the execution of JavaScript code for encryption tasks. Its primary use case is to enhance the capabilities of security professionals by allowing them to integrate cryptographic functions directly into their testing workflows. Notable features include a user-friendly interface for key management and seamless integration with Burp Suite’s payload processing system.

burpgpt

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: BurpGPT is an advanced security extension that integrates with Burp Suite to analyze web traffic using AI-driven techniques, specifically utilizing OpenAI’s models to uncover security vulnerabilities that conventional scanners may overlook. Its notable features include customizable prompts for tailored analysis, automated report generation summarizing potential security issues, and granular control over the analysis parameters. This tool streamlines the vulnerability assessment process, improving the efficiency and accuracy of security professionals while handling the complexities of web application security.

BurpSuite-collections

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: BurpSuite-collections is a repository containing various non-BApp Store plugins for Burp Suite, aimed at enhancing penetration testing capabilities. Notable features include SQL injection detection, automated SSRF vulnerability scanning, and the ability to manage variables within Burp, allowing security professionals to effectively discover and exploit vulnerabilities. The project serves primarily as a resource for learning and research related to Burp Suite plugins.

README

Burp-Suite-collections

BurpSuite 相关收集项目，插件主要是非BApp Store（商店）

所有的汉化或者使用burpsuite都是在你配置好了Java环境的前提下！！！相关教程

最新版（202212之后）~~激活参考这个项目自己解决，本项目不提供~~

caddy-waf

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Caddy WAF is a customizable middleware for the Caddy web server that functions as a Web Application Firewall, designed to provide advanced protection against a wide range of web-based threats. Key features include regex-based filtering, IP blacklisting, geo-blocking, rate limiting, anomaly scoring, and detailed monitoring capabilities, all aimed at securing applications while ensuring high performance through techniques like zero-copy networking and wait-free concurrency. The tool also supports seamless dynamic configuration reloads and offers precise insights into traffic and security events, making it a robust solution for safeguarding web applications.

collection-document

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Collection Document repository is a curated compilation of quality safety articles aimed at enhancing knowledge in various cybersecurity domains. Its primary use case includes providing resources on topics such as penetration testing, threat detection, cloud security, and personal security, among others. Notable features of the collection include links to deep dives into specialized security areas, ongoing updates, and insights into modern security solutions like AI safety and zero trust architecture.

commix

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Commix is an open-source penetration testing tool designed for automating the detection and exploitation of command injection vulnerabilities in web applications. It supports multiple Python versions and includes extensive documentation with usage examples, facilitating ease of deployment and operation for security professionals. Notable features include comprehensive exploitation capabilities and a user-friendly interface for navigating various commands and options.

README

Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.

Cracker-Tool

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Cracker-Tool is a multifunctional hacking and penetration testing toolbox designed for Termux users, featuring a variety of capabilities including IP tools, subdomain scanning, DDoS attacks, SQL injections, and more. Notable functionalities include Cloudflare bypass for DDoS, identity generators, and a variety of administrative tools, making it a comprehensive resource for security testing. The tool is implemented in Python and Bash, emphasizing ease of installation and set up within the Termux environment.

crlfuzz

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: CRLFuzz is a specialized tool for detecting CRLF injection vulnerabilities in web applications, developed in Go for high performance. It offers flexible scanning options, including targeting individual URLs or multiple URLs from a list, and provides various command line flags to customize request methods, output results to files, and adjust concurrency levels. Notable features include support for custom headers, proxy usage, and integration capabilities with other security tools through standard input.

DDoS-Ripper

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: DDoS-Ripper is a Python-based tool designed to simulate Distributed Denial-of-Service (DDoS) attacks for educational and testing purposes. It supports various operating systems, including Linux, Termux, Windows, and MacOS, and allows users to specify the target IP address and intensity of the attack through command line parameters. Notable features include multi-platform compatibility and straightforward installation instructions, emphasizing an ethical usage disclaimer.

README

DDoS-Ripper

What is a DDoS Attack?

A Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

Ethical-Hacking-Tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Ethical-Hacking-Tools is a repository that provides a curated collection of tools and resources for ethical hacking and penetration testing. Its primary use case is to assist cybersecurity professionals in identifying and addressing vulnerabilities within computer systems and networks. Notable features include links to various Linux distributions optimized for security testing, such as Kali Linux and Parrot OS, along with educational content on hacking practices and hacker classifications.

README

Ethical-Hacking-Tools

faraday

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Faraday is an open-source vulnerability management tool designed to facilitate the organization, aggregation, and visualization of security data in a multiuser environment. Its primary use case is to streamline vulnerability discovery and management by integrating various community tools while providing insightful visualizations for both managers and analysts. Notable features include its command-line interface for direct terminal access, support for multiple installation methods (including Docker and PyPi), and the ability to automate scanning tools within CI/CD pipelines.

FavFreak

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: FavFreak is a reconnaissance tool that streamlines the process of gathering information using favicon hashes from a list of URLs. It fetches the favicon.ico for each URL, computes its hash, and matches it against a predefined fingerprint dictionary to identify known services. Key features include sorting results by favicon hashes and generating Shodan dorks, making it a valuable asset for bug bounty hunters and OSINT investigations.

README

FavFreak - Weaponizing favicon.ico for BugBounties , OSINT and what not

Garud

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Garud is an automation tool designed for reconnaissance, specifically targeting sub-domain enumeration and vulnerability scanning for injection points such as XSS, SSRF, and SSTI. It integrates multiple popular bug bounty tools, including Assetfinder, Subfinder, and Nuclei, to streamline the scanning process, outputting results systematically while notifying the user upon completion. Notable features include the ability to filter and identify low-hanging vulnerabilities, along with systematic data collection and reporting functionalities.

hack-tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “hack-tools” repository offers a comprehensive collection of cybersecurity tools including DOS, information gathering utilities, malware creation kits, and remote administration tools, catering to a wide audience from enthusiasts to professionals. Key features include multi-platform support for Windows and Linux, compatibility with several programming languages, and the availability of free tools; however, users are cautioned about the legal implications and varying development statuses of the tools provided.

README

Hacking-Tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Hacking-Tools is a curated collection of penetration testing and ethical hacking utilities, including essential tools from Kali Linux. It is organized into categories such as information gathering, vulnerability analysis, and exploitation tools, facilitating easy navigation and use. Notable features include a featured tool, BugBoard, designed to automate vulnerability detection for bug bounty hunters and security researchers.

README

Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This collection includes Kali Linux tools and other notable utilities.

HackTools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: HackTools is an all-in-one browser extension designed for offensive security professionals to facilitate web application penetration testing. It consolidates numerous penetration testing tools, including dynamic reverse shell generators, XSS payloads, and SQL injection payloads, allowing users to access critical functions quickly through a user-friendly command palette. The extension aims to enhance efficiency by eliminating the need to search for payloads across various platforms, all accessible within the browser’s DevTools environment.

HackVault

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: HackVault is a container repository designed for both defensive and offensive hacking tools. Its primary use case is to centralize and share various hacking utilities, which are intended to be continuously updated with new content over time. Notable features include a structured Wiki section for detailed information and ongoing additions to its arsenal of tools.

README

HackVault

This is a container repository for my defensive/offensive hacks. Go check the Wiki section for more information! Ideally, it’d be continually updated with new interesting stuff over time!

inceptor

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Inceptor is a Windows-focused penetration testing tool designed to automate the bypassing of anti-virus (AV) and endpoint detection and response (EDR) solutions. It features a template-based PE packer that allows extensive user customization and integrates various encoding methods for encoding, compressing, or encrypting shellcode. Notably, Inceptor supports transformations of existing binaries into shellcode and distinguishes between loader-independent and loader-dependent encoders to enhance payload obfuscation and evade detection.

README

:triangular_flag_on_post: This is the public repository of Inceptor, for latest version and updates please consider supporting us through https://porchetta.industries/

inql

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: InQL is an open-source Burp Suite extension tailored for advanced GraphQL testing, enabling security professionals to effectively identify vulnerabilities within GraphQL APIs. It features a user-friendly interface, robust query manipulation capabilities, and integration with Burp’s existing tools, significantly enhancing the testing process for GraphQL applications.

README

InQL v6.1.2 - Burp Extension for Advanced GraphQL Testing

JNDI-Injection-Exploit-Plus

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: JNDI-Injection-Exploit-Plus is a comprehensive tool designed for generating operational JNDI links, facilitating background services with RMI, LDAP, and HTTP servers to test vulnerabilities effectively. It enhances the functionality of standard JNDI exploit tools by offering additional remote and local reference gadgets, support for multiple JDK versions, and the capability to create base64 and hex payloads, making it a robust resource for security testing. With over 75 deserialization gadgets included, it provides a diverse set of options for vulnerability assessments.

jsql-injection

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: jSQL Injection is a lightweight, open-source tool designed for identifying database information from servers, optimized for penetration testing. It is cross-platform, supporting Windows, Linux, and Mac with Java compatibility from versions 21 to 25, and is integrated into various security-focused distributions such as Kali Linux. Notable features include a user-friendly interface, support for multiple database engines, and comprehensive testing functionalities, making it suitable for both novice and experienced security analysts.

KawaiiGPT

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: KawaiiGPT is an open-source command-line tool that provides seamless access to various large language models, including DeepSeek, Gemini, and Kimi-K2, through a reverse-engineered Pollinations API without the need for API keys. It features integrated prompt injection capabilities for security research, allowing for uncensored model access and red-team evaluations, along with native support for Linux and Termux, and a user-friendly console interface. Notably, it offers easy configuration options and a streamlined installation process via a single command.

llm-guard

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: LLM Guard is a security toolkit designed to enhance the safety of interactions with Large Language Models (LLMs) by providing features such as input sanitization, harmful language detection, data leakage prevention, and protection against prompt injection attacks. It supports easy integration into production environments and offers a variety of prompt and output scanners tailored for specific security concerns. The tool is continuously updated to adapt to emerging threats, ensuring robust security for LLM applications.

lonkero

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Lonkero is a professional-grade web security scanner engineered for advanced penetration testing, boasting over 125 sophisticated scanning modules written in Rust. Its notable features include an intelligent mode for context-aware scanning, machine learning capabilities to minimize false positives to 5%, and unique proof-based XSS detection that eliminates reliance on browsers, significantly increasing scan speed and accuracy. By leveraging a robust architecture that focuses on real vulnerabilities, Lonkero delivers efficient and precise security assessments for modern web technologies.

lunasec

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: LunaTrace is an open-source supply chain security and auditing tool that monitors software dependencies for vulnerabilities, integrating seamlessly with GitHub to notify users of new CVEs before deployment. It offers both a free SaaS option and self-hosted deployment capabilities, making it a versatile alternative to commercial tools like GitHub Dependabot and Snyk. Notable features include automatic monitoring, GitHub Pull Request integration, and active development support.

README

malicious-pdf

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Malicious PDF is a tool designed to generate various malicious PDF files featuring phone-home capabilities for use in penetration testing and red-teaming. It supports integration with platforms like Burp Collaborator and Interact.sh, providing a diverse set of attack vectors through ten different crafted PDF examples meant for testing web applications, security products, and PDF readers. Key features include the ability to create PDFs exploiting vulnerabilities like external file access, JavaScript injection, and form data exfiltration.

Nginx-Lua-Anti-DDoS

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Nginx-Lua-Anti-DDoS is a protective tool designed for Nginx web servers, leveraging Lua scripting to mitigate DDoS attacks through a JavaScript-based authentication puzzle inspired by Cloudflare’s “I’m Under Attack” mode. The tool features automatic detection and activation of protection mechanisms against various attack types, extensive IP and User-Agent filtering options, as well as capabilities to inspect and block malicious HTTP requests. With no limitation on attack size and built-in logging for monitoring, it offers customizable error responses and caching optimizations to enhance web server performance during attacks.

nmap-formatter

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: NMAP-Formatter is a versatile tool designed to convert NMAP XML output into various formats such as HTML, CSV, JSON, Excel, and more, facilitating the analysis and reporting of network scan results. Notable features include support for output via stdin, the ability to generate diagrams using Graphviz, and options to skip down hosts, enhancing usability for security professionals and network administrators. This tool can also be utilized as a library in Golang for integration into other applications.

Nope-Proxy

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: NoPE Proxy is a Burp Suite extension that facilitates the interception and analysis of TCP and UDP traffic, including non-HTTP protocols. Its notable features include a configurable DNS server that routes traffic to Burp, support for multiple listening ports for man-in-the-middle (MiTM) connections, and the ability to define match and replace rules for traffic manipulation. This tool is especially useful for security testing of mobile applications and thick clients, allowing seamless traffic analysis and modification.

NoSQLMap

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: NoSQLMap is a Python tool designed for auditing and automating injection attacks on NoSQL databases, primarily targeting MongoDB and CouchDB, while also preparing for support of others like Redis and Cassandra. It helps identify and exploit default configuration vulnerabilities to disclose or replicate database data through a user-friendly menu-based interface. Key features include options for NoSQL DB access attacks, web application attacks, and scanning for anonymous MongoDB access.

Offensive-Resources

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Offensive-Resources V4 is a comprehensive repository designed for offensive security practitioners, providing an extensive collection of learning materials and labs across various cybersecurity domains. Its primary use case is to facilitate skill development in offensive security techniques, with notable features including a wide range of topics from exploit development to IoT and hardware hacking, structured resources for diverse platforms, and an open invitation for community contributions.

README

Offensive-Resources V4

((اللَّهُمَّ انْفَعْنِي بِمَا عَلَّمْتَنِي، وَعَلِّمْنِي مَا يَنْفَعُنِي، وَزِدْنِي عِلْمًا))

Osiris

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Osiris is a cross-platform game hacking tool designed for Counter-Strike 2, featuring a graphical user interface based on the game’s Panorama UI. Its primary use case is to enhance gameplay through various functions such as customizable visual indicators for bomb planting and inaccuracy visualizations without relying on traditional C++ runtime libraries or external dependencies. Notable features include customizable color schemes for game elements, enhanced player information rendering, and support for both Windows and Linux compilation.

paradoxiaRAT

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Paradoxia is a Remote Access Tool (RAT) designed for covert control of target systems, featuring a user-friendly console that allows users to easily build and deploy client applications. Notable capabilities include multithreading for multiple session management, full file access, keylogging, microphone recording, and remote execution commands, alongside stealth operation and persistent installation. This tool is intended for malicious use, as indicated by its detection as malware by security software.

Penetration_Testing_POC

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Penetration_Testing_POC is a comprehensive collection of proof of concepts (POCs), scripts, tools, and articles related to penetration testing, intended to serve as a reference resource. It systematically categorizes vulnerabilities across various domains such as IoT, mobile devices, web applications, and privilege escalation methods, providing users with essential insights and practical exploitation techniques. Notable features include organized documentation and links to external resources, ensuring that users can easily navigate and leverage the provided information for security assessments.

PentestTools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Pentest Tools is a comprehensive catalog of penetration testing resources, referencing tools primarily from Kali Linux, and featuring both open-source and readily accessible software. It includes a wide array of categories such as information gathering, vulnerability analysis, and exploitation tools, aimed at facilitating various aspects of security assessments. Notable features include a curated list of essential tools, categorized functionalities, and a long-term commitment to updates and supplementary resources.

PINCE

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: PINCE is a front-end tool for the GNU Project Debugger (GDB) tailored for reverse engineering, particularly in gaming contexts. Its noteworthy features include efficient memory and pointer scanning using specialized libraries, background execution for concurrent command execution, and extensive variable inspection and modification capabilities, resembling those of Cheat Engine. Additionally, PINCE supports dynamic address tables, smart casting of data types, and comprehensive disassembly functionalities, enabling users to analyze and manipulate memory with precision.

pixload

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: pixload is a set of tools designed for creating and injecting payloads into image files, supporting formats like BMP, GIF, JPG, PNG, and WebP. Its primary use case is for stealthy payload delivery, enabling users to embed malicious code within legitimate image files while maintaining their validity. Notable features include straightforward command-line usage for various image types and integration with Metasploit for payload generation.

README

pixload – Image Payload Creating tools

DESCRIPTION

Set of tools for ~~hiding backdoors~~ creating/injecting payload into images.

Powerful-Plugins

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Powerful Plugins is a curated collection of open-source plugins designed to enhance various frameworks and tools such as BurpSuite, Chrome, Firefox, IDA, Immunity, OllyDbg, and the Volatility Framework. Its primary use case is to extend the functionality of these platforms, enabling improved capabilities in tasks such as web application security testing and memory analysis. Notable features include the diverse range of supported tools and the invitation for community contributions to further expand the repository.

pythem

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: pythem is a versatile penetration testing framework written in Python, designed for use by security researchers and professionals to conduct various security assessments within legal boundaries. Notable features include support for attacks such as ARP spoofing, DNS manipulation, brute force attacks on SSH and web forms, as well as tools for exploit development and packet filtering. The framework can be installed on Debian-based Linux distributions, or run as a Docker container, facilitating accessibility and ease of deployment.

requests-ip-rotator

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: requests-ip-rotator is a Python library designed to leverage AWS API Gateway’s extensive IP pool to generate numerous unique IP addresses for web scraping and brute forcing, enabling users to circumvent IP-based rate limits. The tool automatically randomizes the X-Forwarded-For headers to obscure the client’s true IP while allowing for easy integration with the requests library. Notably, it offers both manual and automatic gateway management methods for user convenience, along with cost-effective usage under AWS’s free tier.

Resources-for-Beginner-Bug-Bounty-Hunters

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “Resources-for-Beginner-Bug-Bounty-Hunters” repository serves as a comprehensive guide for individuals entering the realm of web hacking and bug bounty hunting. It features a curated selection of tools, tips, and resources aimed at enhancing the skills of both novice and experienced hunters, with notable sections on vulnerability types, testing environments, and coding resources. Additionally, the repository includes links to educational courses and community engagement platforms to foster learning and collaboration.

saas-attacks

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The SaaS Attacks repository provides a structured collection of attack techniques tailored for Software-as-a-Service (SaaS) platforms, aimed at aiding security researchers, penetration testers, and red/blue teams. Notable features include an emphasis on “networkless” attacks devoid of traditional endpoint interactions, and a matrix inspired by the MITRE ATT&CK framework focusing specifically on SaaS-based threats. This resource is designed to facilitate knowledge sharing and collaboration in the identification and mitigation of SaaS vulnerabilities.

sqlmap

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: sqlmap is an open-source penetration testing tool designed for automating the detection and exploitation of SQL injection vulnerabilities in web applications. It features a robust detection engine with capabilities such as database fingerprinting, data extraction, file system access, and command execution through out-of-band connections, making it a comprehensive tool for security professionals. The tool is compatible with Python 2.7 and 3.x, ensuring broad platform support.

README

sqlmap

top25-parameter

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “top25-parameter” repository provides a curated list of the 25 most commonly vulnerable parameters associated with various web security vulnerabilities, including Cross-Site Scripting (XSS), SQL Injection (SQLi), and Server-Side Request Forgery (SSRF). It is intended for use in both manual reconnaissance and automation tools, supported by data sourced from OSINT and articles in the cybersecurity community. Notable features include organized parameters for different vulnerabilities, aiding security researchers and practitioners in identifying and mitigating risks effectively.

V3n0M-Scanner

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: V3n0M-Scanner is an offensive security framework designed for vulnerability scanning and penetration testing, offering a Python-based toolkit that operates across both Linux and Windows platforms. Notable features include advanced scanning capabilities for SQL injection, local file inclusion to remote code execution, and a Cloudflare resolver, along with extensive target lists and efficient scanning of potentially millions of IPs for known vulnerabilities. The tool is open-source and aims to provide transparency and ease of use for security professionals.

vulnx

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: VulnX is an intelligent bot designed for automatic shell injection that identifies vulnerabilities across various content management systems (CMS). Key features include multi-threaded vulnerability scanning, target information gathering, subdomain enumeration, and the ability to search for exploits using dorks, which streamline the injection process as opposed to manual methods. The tool supports multiple CMS platforms, enhancing its usability for security assessments and penetration testing.

README

VulnX

Vulnx 🕷️ is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms

webcopilot

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: WebCopilot is an automation tool for security assessments that enumerates subdomains of a target domain and scans for vulnerabilities such as XSS, SQLi, and RCE. It employs various open-source tools for subdomain enumeration, active scanning, endpoint crawling, and filtering of vulnerability parameters, ultimately presenting the results in a structured manner. Notable features include comprehensive subdomain enumeration, endpoint crawling, and integration with multiple vulnerability scanning tools.

README

WebCopilot

An automation tool that enumerate subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

WPForce

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: WPForce is a comprehensive suite of tools designed for attacking WordPress installations, primarily focusing on brute-forcing login credentials via the API. Its notable features include the ability to automatically upload interactive shells post-authentication, dump WordPress password hashes, and pivot to a meterpreter session, making it suitable for penetration testing and post-exploitation scenarios. The tool leverages multi-threading to optimize the brute-force attack process while providing options for verbose output and error debugging.

xsser

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: XSSer is an automated framework designed for the detection, exploitation, and reporting of Cross-Site Scripting (XSS) vulnerabilities in web applications. It features over 1300 pre-installed XSS attack vectors, sophisticated techniques for bypassing various web application firewalls (WAFs) and browsers, and is capable of operating on multiple platforms with dependencies on Python and essential libraries such as Selenium and BeautifulSoup.

README

Web: https://xsser.03c8.net

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

xssor2

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: XSS’OR is a versatile tool designed for exploiting cross-site scripting (XSS) vulnerabilities through JavaScript-based payloads. Its primary use case involves encoding, decoding, and probing potential attack vectors, making it applicable for security testing and penetration testing scenarios. Notable features include a web interface for payload manipulation, compatibility with both Python 2 and 3, and robust support for Docker deployment.

README

XSS’OR

XSS’OR - Hack with JavaScript.

ONLINE

You can have a try:

yakit

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Yakit is an interactive application security testing platform that integrates the CyberSecurity Domain Specific Language (CDSL) for enhanced security operations. Its primary use case is to provide a comprehensive GUI for manipulating security testing capacities via a gRPC server, fully replacing tools like BurpSuite and offering unique features such as a visual web fuzzing tool and a plugin store for customizable security scripts. Additionally, Yakit allows non-coders to harness advanced security capabilities without programming knowledge, facilitating both local and remote deployment.