CVE-2025-68613: n8n RCE vulnerability exploit and documentation

Explanation and full RCE PoC for CVE-2025-55182

SURF - Advanced Go HTTP client with Chrome/Firefox browser impersonation, HTTP/3 with QUIC fingerprinting, JA3/JA4 TLS emulation, and anti-bot bypass for web automation and scraping.

A list of interesting payloads, tips and tricks for bug bounty hunters.

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained p…

Predict Mongo ObjectIds

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

A Hardware Hacking Tool with Web-Based CLI That Speaks Every Protocol

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

This is the Rust course used by the Android team at Google. It provides you the material to quickly teach Rust.

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

Direct Memory Access (DMA) Attack Software

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

↕️🤫 Stealth redirector for your red team operation security

NTP Exfiltration Tool

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, and Online KMS activation methods, along with advanced troubleshooting.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Master programming by recreating your favorite technologies from scratch.

AWSGoat : A Damn Vulnerable AWS Infrastructure

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Ap…

Random Signals on Some Low-level Stuff.

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Fast web fuzzer written in Go

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A collection of links related to Linux kernel security and exploitation