Stars
Git All the Payloads! A collection of web attack payloads.
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more.
A code-searching tool similar to ack, but faster.
Fetch many paths for many hosts - without killing the hosts
A Python script that finds endpoints in JavaScript files
Free, libre, effective, and data-driven wordlists for all!
A Python-based blind SQL injection exploitation script
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A fast tool, written in Rust, to scan for client-side prototype pollution vulnerabilities. 🦀
Prototype Pollution and useful Script Gadgets
A list of interesting payloads, tips and tricks for bug bounty hunters.
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A curated list of resources for learning about application security
A curated list of CTF frameworks, libraries, resources and software
🐶 A curated list of Web Security materials and resources.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.