crunch 13 13 0123456789 -t WiFi-@@@@@@@@ para generar las contraseñas de todas las redes COWIFI
crunch 13 13 0123456789 -t WiFi-9@@@@@@@
Para generar un diccionario con bastante probabilidad de éxito si tiene una wifi COWIFI llame a Cable Onda para el cambio del password
WEB SCRAPING JUST GOT A SERIOUS UPGRADE.
PixelRAG doesn't read HTML. It reads the page exactly like you do.
100% open-source.
Instead of parsing websites into plain text, it captures screenshots and lets a vision model retrieve answers directly from the pixels.
Why that's a big deal:
• HTML parsers silently lose information.
• Tables, charts, formulas, and layouts often disappear.
• Even changing the parser can swing RAG accuracy by ~10%.
PixelRAG skips that entire bottleneck.
It indexes what users actually see.
The team built a visual index of 30M+ Wikipedia screenshots, and it outperformed the strongest text-based RAG baseline by 18.1% on text-only QA.
Even cooler:
It includes a Claude Code plugin that gives Claude visual browsing.
Instead of scraping the DOM, Claude can screenshot any webpage, PDF, arXiv paper, or even your local app—and answer based on the rendered page.
The pipeline is surprisingly clean:
→ Render pages into image tiles
→ Embed with Qwen3-VL-Embedding (LoRA-tuned on screenshots)
→ Store in a FAISS index
→ Search visually
The best part?
Upgrade to a better vision model later, and you don't need to rebuild the index.
Because the index stores pixels, not parsed text.
Fully open-source under Apache 2.0.
GitHub: https://t.co/B7whbNg60s
A Japanese dev open-sourced a drop-in replacement for NumPy that runs on your GPU.
It's called CuPy. Change one line import “numpy as np” → “import cupy as cp” and the same code runs up to 100x faster on CUDA.
→ Works with existing NumPy/SciPy code
→ No rewrite. No new syntax.
→ Also supports AMD ROCm
100% Open Source.
hello amazing hacker — let's talk about the bug everyone finds and almost nobody gets paid for: the open redirect.
You find a ?url= that sends you somewhere, you point it at https://t.co/mo2GiPbqH0, you screenshot it, you submit "open redirect" and triage closes it as low. Sound familiar? The bug isn't the problem. The framing is.
Here's how I actually hunt it:
1. Find the redirect params. ?url= ?next= ?redirect= ?return= ?returnUrl= ?continue= ?dest= ?goto= ?r= ?u= — they live in login, logout, OAuth, "go back" buttons and email tracking links. Anywhere the app sends you on after an action.
2. Confirm it. Point the param at a domain YOU control and follow it. Browser lands on your domain = open redirect. Done.
3. Beat the filter, because most are lazy. They check "does it contain https://t.co/DAXb48PfCx?" so you feed them:
- //evil.com (protocol-relative, no scheme)
- https://[email protected] (everything before @ is just a username, browser goes to https://t.co/mo2GiPbqH0)
- https://t.co/lS2CE52otU (their domain is now your subdomain)
- /%2f/evil.com and backslash tricks /\https://t.co/mo2GiPbqH0 that browsers quietly normalise
- double-encode when one layer gets stripped
4. Now the part that pays — CHAIN it. Open redirect alone is low. Open redirect inside an OAuth redirect_uri that leaks the auth code/token? That's account takeover. Token leaked via Referer to your domain, phishing on a trusted URL, an SSRF allowlist you just walked around. Same bug, completely different payout.
PoC || GTFO — report the consequence, not the hop. "Redirect goes to https://t.co/mo2GiPbqH0" = closed. "Redirect in the OAuth flow hands me the victim's auth code = full ATO" = paid.
Go try it today on a safe target: https://t.co/jLmNLzsTlZ
Want the full pentester path — methodology, recon, the exploit chains that turn a low into a critical? My 903 Pentester's Dream Bundle covers it end to end, discount applies via the link: https://t.co/UGbojry8aV
Hunt like a rat :-)
Un abogado pierde una semana en un contrato de 500 páginas. Un contador, cuatro días en 200 facturas. Un investigador, dos semanas en 50 PDFs.
Todos copiando y pegando.
MinerU lo cambia todo.
Herramienta gratuita y open source que convierte cualquier PDF, Word, Excel o imagen escaneada en Markdown limpio en segundos: • Texto en orden correcto • Tablas en HTML • Ecuaciones en LaTeX • OCR potente • 109 idiomas
Un PDF de 200 páginas → Markdown perfecto en 90 segundos.
Funciona en CLI, Python o web (https://t.co/VExoMDvOOD). Corre en tu PC. 100% privado.
Más de 68.000 estrellas en GitHub.
La abogada: contrato listo en 4 min. El contador: 200 facturas en 12 min. El investigador: revisión lista en una tarde.
Adiós papeleo manual. Bienvenido tu tiempo.
cloudflare/security-audit-skill: A coding-agent skill for multi-phase security audits with independently verified, machine-readable findings https://t.co/BY59yQcXlA
🎓 Digital Forensics Lab & Shared Cyber Forensic Intelligence Repository
One of the best free Digital Forensics learning resources on GitHub.
Inside you'll find:
📁 Real forensic case studies
📱 Android & iPhone investigations
🌐 Network forensics labs
🧠 Memory forensics exercises
📡 IoT & Drone investigations
🤖 AI for Digital Forensics
A complete hands-on lab environment for anyone interested in DFIR, incident response, and forensic investigations.
🔗 https://t.co/9gd5QsPvm2
#DFIR #DigitalForensics #CyberSecurity #IncidentResponse #BlueTeam #ThreatHunting #SOCAnalyst #InfoSec #OpenSource
PRISM
Self-hosted OSINT platform with 22+ modules, OPSEC scoring, AI summary, and a real-time web dashboard.
Scan any domain, IP, email, phone, or username get WHOIS, DNS, threat intel, breach data, username search, dark-web mirrors, OPSEC score, entity graphs, and HTML/PDF reports in seconds.
Source/Repo: https://t.co/9tRoDAQGfb
Demo: https://t.co/ViktensoYP
🛡️🤖 CyberSentinel AI | 33 herramientas reales con IA agentic 100% local
Nmap, Nikto, Nuclei, SQLMap y ZAP ejecutándose de verdad en sandbox Kali. IA agentic + análisis en tiempo real con RAG (ChromaDB), Neo4j y ELK Stack.
#ethicalhacking#redteam#pentest#localai#opensource
10 GITHUB REPOS THAT SCRAPE THE ENTIRE INTERNET FOR YOU
Bookmark every single one. Each one pulls clean data off any website on earth, the kind of access companies sell behind a sales call and a contract.
1. https://t.co/yjhB8qsY2r
Point it at any website and it crawls every page, renders the JavaScript, and hands back clean structured data an AI can read instantly. It crossed 130K stars and landed in GitHub's top 100 repos. The scraping backbone half the AI startups quietly run on, open for anyone.
2. https://t.co/H8tTZjwd7O
The #1 trending crawler on GitHub. Turns any site into clean, LLM-ready markdown, faster than the paid services and with no API key, no account, no per-page fee. A dev built it in days after getting fed up paying $16 for a gated scraper. 51K stars. Apache 2.0.
3. https://t.co/xgLQDLB4HL
An AI agent that drives a real browser like a human, clicking, scrolling, logging in, filling forms, and pulling data off sites it has never seen before. Two ETH Zurich researchers built it and it hit 95K stars in about a year. The thing that scrapes pages no simple crawler can reach. MIT.
4. https://t.co/bBDy50sR9R
The full professional scraping framework, with rotating proxies, automatic retries, browser fingerprint spoofing, and queue management, all the machinery that keeps you from getting blocked. The exact stack scraping companies charge thousands to operate, handed to you for free.
5. https://t.co/nKhjeJxe1F
The original industrial-strength scraper that has quietly powered data teams for over a decade. Crawl millions of pages, extract anything, export it clean. Battle-tested at a scale most paid tools never reach, and free the entire time.
6. https://t.co/0NeYEdAWDt
Microsoft's own tool that converts any file or web page, PDFs, Office docs, HTML, images, into clean markdown an AI can actually use. The messy-data-to-clean-data step companies build whole pipelines around, open-sourced by Microsoft itself.
7. https://t.co/vyKqqy18Pi
A stealth scraper built to stay invisible, adapting automatically when a site changes its layout and slipping past the bot detection that stops everything else. The cat-and-mouse layer that anti-scraping vendors sell as a premium feature, free and open.
8. https://t.co/o9TuMdEQ1l
Mirror and control any Android phone from your computer to pull data and automate apps that have no website at all. The bridge into mobile-only platforms that most scrapers can't touch. 130K+ stars. Apache 2.0.
9. https://t.co/24FQISv92x
Show it one example of what you want and it figures out the pattern and scrapes the rest of the site automatically. No selectors, no code to maintain. The "just get me this data" button, in a few lines of Python.
10. https://t.co/BgL79bWL89
A version of curl that perfectly mimics a real browser's fingerprint, so the requests sneaking past every defense look exactly like a human with Chrome open. The lowest-level trick the expensive scraping APIs are quietly built on top of.
Companies sell this access for $2,000 a month. The source code is right here.
Me están matando (por decirlo educadamente) las pausas de hidratación en esta Copa del Mundo. Rompen el ritmo. Parten el partido. Cambian dinámicas positivas y negativas de los equipos. Esto no es fútbol y nunca lo será por más que terminemos acostumbrándonos.
Curazao marcó, se incendió el partido y te meten un cooling break para matarte el ritmo
Esto no es fútbol, no podemos permitir que hagan esto a nivel de clubes
Burp Suite Professional costs 475 dollars a year per seat.
A senior software engineer in Amsterdam built the open source replacement as a side project. He put it on GitHub for free. It has 10,569 stars.
His name is David Stotijn. The software is Hetty.
Here is what Hetty is.
An HTTP toolkit for security research. A machine-in-the-middle proxy that sits between your browser and the target. Every request and every response flows through Hetty. You can read them, search them, intercept them, edit them, replay them, and send them again.
This is the core loop of every web application security test ever performed. Burp Suite charges 475 dollars a year for it. Hetty does the same job for zero.
Here is the feature set.
A machine-in-the-middle HTTP proxy with full logs and advanced search. An HTTP client for manually creating and editing requests, and replaying any request you already proxied. Request and response interception for manual review, with full edit, send, receive, and cancel control. Scope support to keep your work organized to a single target. A web-based admin interface that runs in your browser. Project-based database storage so multiple engagements stay separate. A GraphQL service for programmatic access.
The installer is a single Go binary. Works on macOS, Linux, and Windows. No Java runtime, no enterprise license server, no machine fingerprinting, no telemetry.
Here is the price ladder.
Burp Suite Professional: 475 dollars a year per seat.
Burp Suite Enterprise: thousands per year, contact sales for a quote.
Burp Suite Community Edition: free, but throttled, no scanner, no project save, no intruder rate.
OWASP ZAP: free and open source, now owned by Checkmarx after a 2024 acquisition.
Hetty: zero. Forever. One binary. No account.
A pentester working full time pays Burp 475 dollars a year. A team of 10 pentesters pays 4,750 dollars a year. A bug bounty hunter who finds one vulnerability has already paid for Burp twice over.
Or they download a 30 MB Go binary written by a freelancer in Amsterdam and keep every dollar they earn.
David has not pushed a new commit in 16 months. The last commit was January 13, 2025. That is normal for a tool that is feature-complete. HTTP has not changed. The proxy still proxies. The intercept still intercepts. MIT licensed code does not expire when the maintainer takes a break.
Buy a domain. Find a bug. Cash a bounty.
PortSwigger took a free industry tool and put it behind a 475 dollar paywall. A freelancer in Amsterdam gave it back. On every platform. For zero dollars.
Your proxy. Your binary. Your bounties.
(Link in the comments)
You can now clone any voice on a 4GB GPU & CPU😗
Open-source LuxTTS,
It clones voices from 3 seconds of audio at 150x realtime speed. Fits in 1GB VRAM.
Faster than realtime even on CPU.
48khz output vs industry standard 24khz
Clone any voice locally Works on GPU and CPU
- https://t.co/SGRNBEo06p
MICROSOFT OPEN-SOURCED THE COMPLETE MCP PLAYBOOK
Every ai engineer needs to understand model context protocol in 2026
Microsoft built a full open-source course so you don't have to figure it out the hard way
here's what's inside:
▫️ 11 modules from zero to production
▫️ hands-on labs in python, typescript, java, rust, c# and javascript
▫️ covers mcp servers, clients, security, oauth2, azure integration
▫️ a 13-lab capstone with real postgresql + vector search
▫️ works with claude desktop, cursor, vs code and more
▫️ 16k stars. 5.3k forks. built by microsoft.
the curriculum even teaches adversarial multi-agent reasoning two agents debate using shared mcp tools, judged by a third agent.
if you're building with ai agents in 2026, mcp is the layer that connects everything. this is the fastest way in
https://t.co/jZlCZE8VkX