A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

A little tool to play with Windows security

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

In-depth attack surface mapping and asset discovery

Web path scanner

articles

Fast passive subdomain enumeration tool.

Damn Vulnerable Web Application (DVWA)

A list of resources for those interested in getting started in bug bounties

A curated list of CTF frameworks, libraries, resources and softwares

Six Degrees of Domain Admin

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Attack Surface Management Platform

A swiss army knife for pentesting networks

WebGoat is a deliberately insecure application

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Empire is a PowerShell and Python post-exploitation agent.

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

A collection of awesome security hardening guides, tools and other resources

A Tool for Domain Flyovers

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Sysmon configuration file template with default high-quality event tracing

Automated Mass Exploiter

Hunt for security weaknesses in Kubernetes clusters

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.