scripts

scripts for ctf , bug bounty and stuffs

Enumeration tools

https://github.com/hakluke/hakrawler

https://github.com/ffuf/ffuf

https://github.com/projectdiscovery/subfinder

https://github.com/tomnomnom/httprobe

https://github.com/maK-/parameth

https://github.com/s0md3v/Arjun

https://github.com/devanshbatham/ParamSpider

https://github.com/lc/gau

https://github.com/trufflesecurity/trufflehog

subdomain takeover

https://github.com/m4ll0k/takeover

https://github.com/nahamsec/HostileSubBruteforcer

CORS

https://github.com/s0md3v/Corsy/

CSRF

https://github.com/0xInfection/XSRFProbe

Command Injection

https://github.com/commixproject/commix

DNS Rebinding

https://github.com/nccgroup/singularity

graphQL

https://github.com/swisskyrepo/GraphQLmap

http smuglling

https://github.com/defparam/smuggler

https://github.com/anshumanpattnaik/http-request-smuggling

cloud

https://github.com/aquasecurity/kube-hunter

https://github.com/jordanpotti/AWSBucketDump

firebase

https://github.com/shivsahni/FireBaseScanner

https://github.com/MuhammadKhizerJaved/Insecure-Firebase-Exploit

403 forbidden bypass

https://github.com/lobuhi/byp4xx

https://github.com/iamj0ker/bypass-403

https://github.com/gotr00t0day/forbiddenpass

SQLI

https://github.com/codingo/NoSQLMap

https://github.com/sqlmapproject/sqlmap

SSRF

https://github.com/swisskyrepo/SSRFmap

https://github.com/teknogeek/ssrf-sheriff

SSTI

https://github.com/epinna/tplmap

File Upload

https://github.com/almandin/fuxploider

XXE

https://github.com/enjoiz/XXEinjector

XSS

https://github.com/hahwul/dalfox

https://github.com/mandatoryprogrammer/xsshunter

session

https://github.com/Paradoxis/Flask-Unsign

https://github.com/ticarpi/jwt_tool

https://github.com/brendan-rius/c-jwt-cracker

mobile

https://github.com/nomi9995/react-native-decompiler

https://github.com/MobSF/Mobile-Security-Framework-MobSF

https://github.com/0x1CA3/AdbNet

scanner

https://nmap.org/

https://github.com/projectdiscovery/nuclei

https://github.com/s0md3v/Smap

https://www.tenable.com/products/nessus

https://www.zaproxy.org/

https://www.openvas.org/

wordlists

https://github.com/danielmiessler/SecLists

gooogle dork

https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan

LABS

https://app.cyberedu.ro/challenges?sortBy=newest

https://cyberdefenders.org/blueteam-ctf-challenges/

https://hackthebox.eu/

https://tryhackme.com/dashboard

https://play.picoctf.org/practice

https://www.root-me.org/en/Challenges/

https://my.ine.com/CyberSecurity/courses/38316560/web-application-penetration-testing

https://letsdefend.io/

https://securityblue.team/

https://www.bugbountyhunter.com/

https://portswigger.net/web-security/all-labs

https://codered.eccouncil.org/me/enrolled-courses