SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.

SMSBoom - Deprecate: Due to judicial reasons, the repository has been suspended!

A framework for finding JavaScript memory leaks and analyzing heap snapshots

Checklist of the most important security countermeasures when designing, creating, testing your web/mobile application

A tool for secrets management, encryption as a service, and privileged access management

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

RedEye is a visual analytic tool supporting Red & Blue Team operations

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

You didn't think I'd go and leave the blue team out, right?

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Flipper Zero Unleashed Firmware

Anteon (formerly Ddosify): eBPF-based Kubernetes Monitoring and Performance Testing

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

An evolving how-to guide for securing a Linux server.

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

fsociety Hacking Tools Pack – A Penetration Testing Framework

A collection of one-liners for bug bounty hunting.

Cloud Security Posture Management (CSPM)

面向网络安全从业者的知识文库🍃 (停止更新)

Infisical is the open-source platform for secrets, certificates, and privileged access management.

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security,…