Take it like a gift

XXEinjector

Exploitation of XXE vulnerabilities using direct and different out-of-band methods.

gef

A modern experience for GDB with advanced debugging capabilities.

graphql-armor

The missing GraphQL security layer.

grafana-ssrf

Authenticated SSRF in Grafana.

JS Recon Buddy

A passive browser extension to find secrets, endpoints and XSS sinks in JS and HTML.

gorgo

The versatile multi-threaded password sprayer built on the shoulders of giants.

ghidra

Software reverse engineering (SRE) framework.

flan

A pretty sweet vulnerability scanner.

Hades

Go shellcode loader that combines multiple evasion techniques.

Fiddler Everywhere

Web debugging proxy for macOS, Windows, and Linux.

Headless Burp

Provides a suite of extensions and a Maven plugin to automate security tests using Burp Suite.

GoPhish

Open-source phishing toolkit.

hakfindinternaldomains

Feed it a list of subdomains; it will resolve them and tell you which ones are internal.

Have I Been Pwned?

Check if your email or phone is in a data breach.

Fuzzapi

Used for REST API pentesting; provides a UI solution for the gem.