Starred repositories
30 days of JavaScript programming challenge is a step-by-step guide to learn JavaScript programming language in 30 days. This challenge may take more than 100 days, please just follow your own pace…
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
CF-workers/pages proxy script: supports Vless-ws(tls) and Trojan-ws(tls); Socks5/http local proxy script: three optional proxy modes (ECH-TLS, plain TLS, no TLS)
JavaScript parser / mangler / compressor / beautifier toolkit
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Running V2ray inside edge/serverless runtime
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click S…
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
pull decrypted ipa from jailbreak device
This GitHub repo is a powerhouse collection of scraping APIs for developers that you can start using immediately to build everything from simple automations to full-scale applications.
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
Mobile Edge-Dynamic Unified Security Analysis
Frida scripts to rewrite mobile applications at runtime to directly MitM all HTTPS traffic
A container repository for my public web hacks!
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
The XSS Hunter service - a portable version of XSSHunter.com
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
XSS payloads designed to turn alert(1) into P1
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
PwnFox is a Firefox/Burp extension that provides useful tools for your security audit.
A tool that helps you easily trace classes and functions, and modify the return values of methods, on the iOS platform
A cross-platform note-taking & target-tracking app for penetration testers.