Reset Intellij IDEA, WebStorm, DataGrip, PhpStorm, CLion, PyCharm, RubyMine, GoLand and Rider evaluation (2019 / 2020 / 2023 / 2024 / windows)

Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

A simple tool for bypassing file upload restrictions.

Android split APKs installer

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Script to root AVDs running with QEMU Emulator from Android Studio

The Magic Mask for Android

Square’s meticulous HTTP client for the JVM, Android, and GraalVM.

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.

This is a tool used to modify Android Manifest binary file.

This challenge is Inon Shkedy's 31 days API Security Tips.

Various tips & tricks

TCM Security Academy Notes

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Clone this repo to build Frida

A tool for reverse engineering Android apk files

Subdomain takeover vulnerability checker

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Dex to Java decompiler

Twitter vulnerable snippets

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The Bug Hunters Methodology

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

declutters url lists for crawling/pentesting

Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques, such as: SPF records and DNS history. By default, Unwaf will check SPF records.

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

The repo contains all the the notes, slides, and study material for my workshop at DEFCON 32 at the Bug Bounty Village