A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A cat(1) clone with wings.

30 days of JavaScript programming challenge is a step-by-step guide to learn JavaScript programming language in 30 days. This challenge may take more than 100 days, please just follow your own pace…

Full reference of LinkedIn answers 2024 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel t…

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

A collection of awesome penetration testing resources, tools and other shiny things

Find, verify, and analyze leaked credentials

Checklist of the most important security countermeasures when designing, testing, and releasing your API

A little tool to play with Windows security

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Fast web fuzzer written in Go

A collection of hacking tools, resources and references to practice ethical hacking.

Most advanced XSS scanner.

In-depth attack surface mapping and asset discovery

Web path scanner

Fast passive subdomain enumeration tool.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of resources for those interested in getting started in bug bounties

Fast subdomains enumeration tool for penetration testers

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Scripted Local Linux Enumeration & Privilege Escalation Checks

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…