Starred repositories
🚗 A curated list of resources for learning about vehicle security and car hacking.
This repository contains a lot of web and API vulnerability checklists, a lot of vulnerability ideas and tips from Twitter
403/401 Bypass Methods + Bash Automation + Your Support ;)
A complete, beginner-friendly bug bounty roadmap that takes you from zero experience to earning your first bounty.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Top disclosed reports from HackerOne
Fast passive subdomain enumeration tool.
The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Scan for misconfigured S3 buckets across S3-compatible APIs!
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
SecretFinder - A Python script to find sensitive data (apikeys, accesstoken, jwt,..) and search for anything in JavaScript files
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…
A curated list of web3Security materials and resources for Pentesters and Bug Hunters.
PowerSploit - A PowerShell Post-Exploitation Framework
Take a list of domains and probe for working HTTP and HTTPS servers
Find domains and subdomains related to a given domain
A list of interesting payloads, tips and tricks for bug bounty hunters.
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…