A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

The Go programming language

The world’s fastest framework for building websites.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Flight rules for git

ShellCheck, a static analysis tool for shell scripts

A fast TCP/UDP tunnel over HTTP

Impacket is a collection of Python classes for working with network protocols.

Fast web fuzzer written in Go

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

In-depth attack surface mapping and asset discovery

PowerSploit - A PowerShell Post-Exploitation Framework

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, h…

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Go Training Class Material :

Fast subdomains enumeration tool for penetration testers

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

List of awesome reverse engineering resources

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Nginx configuration static analyzer

Go security checker

windows-kernel-exploits Windows平台提权漏洞集合

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …