A list of public penetration test reports published by several consulting firms and academic security groups.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

⭐ Use repo badges (build passing, coverage, etc) in your readme/markdown file to signal code quality in a project.

A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, ...). Including asynchronous networking support.

HTTPLeaks - All possible ways, a website can leak HTTP requests

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

A proposed standard that allows websites to define security policies.

A demo of overriding what's in a person's clipboard

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

A Jekyll-based theme designed for documentation and help systems. See the link for detailed instructions on setting up and configuring everything.

A Nmap XSL implementation with Bootstrap.

A wiki focusing on aggregating and documenting various SQL injection methods

Full-featured Jekyll port of Ghost's default theme Casper v2 👻

A collection of resources/documentation/links/etc to help people learn about Infosec and break into the field.

AI Code Security Anti-Patterns distilled from 150+ sources to help LLMs generate safer code.

This tool downloads, installs, and configures a shiny new copy of Chromium.

IPFuscator - A tool to automatically generate alternative IP representations

A highly configurable Framework for easy automated web scanning

Stealing CSRF tokens with CSS injection (without iFrames)

Fuzzing Browsers

CTFs, solutions and presentations

🏴‍☠️ Bypass Same Origin Policy with DNS-rebinding to retrieve local server files 🏴‍☠️

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.

A lab to play with authentication and authorisation problems

An example of obtaining RCE via Redis and CSRF

ACCC CDR Register GitHub issue register for external collaboration

A scripted library of hacking techniques.