OSCP Cheat Sheet

Stuff that doesn't deserves its own repository.

Heuristic Vulnerable Parameter Scanner

Try to find the origin IP of a webapp protected by Cloudflare.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.

Vulnerable app with examples showing how to not use secrets

Red Team Attack Lab for TTP testing & research

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

A fast DOM based XSS vulnerability scanner with simplicity.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Scan for misconfigured S3 buckets across S3-compatible APIs!

A fast tool to scan CRLF vulnerability written in Go

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.

secretz, minimizing the large attack surface of Travis CI

A listing of the most common vuln that you can link in your PoCs

Find subdomains on GitHub.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

A fuzzer for detecting open redirect vulnerabilities

Cardano Stakepool on Raspberry Pi

A fast, clean, responsive Hugo theme.