A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

📚 Community guides for open source creators

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Automagically reverse-engineer REST APIs via capturing traffic

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Gather and update all available and newest CVEs with their PoC.

Test suites for Web platform specs — including WHATWG, W3C, and others

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Open source courseware for Git and GitHub

Go Project Design Documents

HTTPLeaks - All possible ways, a website can leak HTTP requests

A proposed standard that allows websites to define security policies.

Hardware/IOT Pentesting Wiki

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

[mirror] Home of the go.dev and golang.org websites

Descriptions and examples for the rules in Flake8 (pyflakes, pycodestyle, and mccabe).

A vast collection of security tools and resources curated by the community.

GTFOArgs is a curated list of programs and their associated arguments that can be exploited to gain privileged access or execute arbitrary commands, using argument injection.

Nuclei documentation

Living Off Security Tools