A collection of various awesome lists for hackers, pentesters and security researchers

⚡ Dynamically generated stats for your github readmes

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python Fire is a library for automatically generating command line interfaces (CLIs) from absolutely any Python object.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

💎 A curated list of awesome Competitive Programming, Algorithm and Data Structure resources

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OneForAll是一款功能强大的子域收集工具

An HTTP toolkit for security research.

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

Automation for internal Windows Penetrationtest / AD-Security

Pentest Report Generator

UAC bypass, Elevate, Persistence methods

nodejsscan is a static security code scanner for Node.js applications.

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg…

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

OWASP API Security Project

Windows / Linux Local Privilege Escalation Workshop

A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Domain Password Audit Tool for Pentesters

Deployment Manager samples and templates.

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

Integrates Dependency-Check reports into SonarQube

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.