CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free. Originally built during COVID-19 for cybersecurity professionals with downtime can take adva…

A curated list of sites to practice testing on

Damn Vulnerable WordPress

A collection of PDF/books about the modern web application security and bug bounty.

💤 A modern plugin manager for Neovim

A launch point for your personal nvim configuration

my notes for the OSCP+ exam

A collection of several hundred online tools for OSINT

CVE-2025-2304 POC

This Python PoC exploits CVE-2024-46987, a Path Traversal bug in Camaleon CMS 2.8.0 < 2.8.2 (work on 2.9.0). It allows authenticated users to read sensitive server files via the MediaController. In…

Damn Vulnerable NodeJS Application

The best way to get AI coding agents to solve hard problems in complex codebases.

The recursive internet scanner for hackers. 🧡

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…

Damn Vulnerable Web Application (DVWA)

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Go Lang မြန်မာ Book (Gemini 3 ဖြင့် ရေးသားသည်)

CVE-2025-55182 POC

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

This repository contains a 90-day cybersecurity study plan, along with resources and materials for learning various cybersecurity concepts and technologies. The plan is organized into daily tasks, …

100+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Whatsapp, Youtube etc. See source code, demo links, tech stack, github stars.

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.