Stars
A list of public penetration test reports published by several consulting firms and academic security groups.
Automagically reverse-engineer REST APIs via capturing traffic
A guide to smart contract security best practices
Gather and update all available and newest CVEs with their PoC.
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Automate the creation of a lab environment complete with security tooling and logging best practices
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, AI Prompt Engineering, Adversarial Machine Learning.
HTTPLeaks - All possible ways a website can leak HTTP requests
Active Directory and Internal Pentest Cheatsheets
An addon root hiding service for KernelSU
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
Malware samples, analysis exercises and other interesting resources.
vAPI is Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
A directory of direct links to delete your account from web services.
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
OWASP Foundation Web Repository
CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, JavaScript, XSLT