Collection of notes to prepare for the eLearnSecurity eJPT certification exam.

a list of cybersecurity internships

Identify privilege escalation paths within and across different clouds

Six Degrees of Domain Admin

A Workflow Engine for Offensive Security

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection

Dex to Java decompiler

Automagically reverse-engineer REST APIs via capturing traffic

Generate swagger files from mitmproxy output.

Burp extension to create target specific and tailored wordlist from burp history.

Scanning APK file for URIs, endpoints & secrets.

Best and simplest tool for website change detection, web page monitoring, and website change alerts. Perfect for tracking content changes, price drops, restock alerts, and website defacement monito…

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

A wrapper around grep, to help you grep for things

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Contextual Content Discovery Tool

HTTP parameter discovery suite.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

completely ridiculous API (crAPI)

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

In-depth attack surface mapping and asset discovery

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Rockyou for web fuzzing