🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本

A collection of android security related resources

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Rockyou for web fuzzing

grep rough audit - source code auditing tool

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

The Docker image for Aria2 + AriaNg + File Browser + Rclone

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Script to steal passwords from ssh.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

An OSINT tool to find contacts in order to report security vulnerabilities.