A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Access large language models from the command-line

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Damn Vulnerable Web Application (DVWA)

Hunspell UTF8 dictionaries. These work with Sublime Text. [Spell check]

HTTP parameter discovery suite.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

OWASP API Security Project

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

OWASP Foundation Web Respository

LinkedIn Recon Tool