A list of public penetration test reports published by several consulting firms and academic security groups.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

The Network Execution Tool

Android Reverse-Engineering Workbench for VS Code

Rockyou for web fuzzing

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

Real-world infosec wordlists, updated regularly

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

A curated list of wordlists for bruteforcing and fuzzing

Heuristic Vulnerable Parameter Scanner

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and code.

This extension will help you to detect GET/POST based XSS vulnerability in any website easily

List of periodically validated public DNS resolvers

XSSRocket it is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

Passively check for XSS character encodings

RePacker is a utility designed to rebuild Cordova applications that incorporate RASP or other protective measures within their native code, resulting in a sanitized application devoid of any such s…

This is my cherrytree for preparing for Pentester Academy - Certified Red Team Professional (CRTP)