Lists (24)
android pentest
api pentesting
burpsuite utilized
Bypass (4xx)
checklists, methodologies
code review, devsecops
general stuffs
ios pentest
node stuffs
payloads
pentest note taking apps
recon (application)
recon (assets)
recon (dorks, queries)
recon (javascripts)
vulnerable android apps
vulnerable ios apps
vulnerable [web] apps
vulns (open redirect)
vulns (sqli)
vulns (ssrf)
vulns (xss)
wlists
writeups & edu
Stars
Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Automatic SQL injection and database takeover tool
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
If you live in the terminal, kitty is made for you! Cross-platform, fast, feature-rich, GPU based.
Write scalable load tests in plain Python 🚗💨
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
an awesome list of honeypot resources
The recursive internet scanner for hackers. 🧡
A GPT-empowered penetration testing tool
📱 objection - runtime mobile exploration
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Open Source Vulnerability Management Platform
Scanning APK file for URIs, endpoints & secrets.
Automated All-in-One OS Command Injection Exploitation Tool.
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
Top disclosed reports from HackerOne
Colored logcat script which only shows log entries for a specific application package.
The Leading Security Assessment Framework for Android.
Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; most recently added CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-…
A python script that finds endpoints in JavaScript files
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Automatic SSRF fuzzer and exploitation tool