CharlieNeva2Late777's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
projectdiscovery/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A-poc/RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
EdOverflow/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
daffainfo/AllAboutBugBounty
All about bug bounty (bypasses, payloads, etc.)
EdOverflow/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
christophetd/CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Az0x7/vulnerability-Checklist
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
sehno/Bug-bounty
Resources for bug bounty hunting
PortSwigger/turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
projectdiscovery/notify
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
Krypteria/AtlasLdr
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
h3110w0r1d-y/BurpLoaderKeygen
frank-leitner/portswigger-websecurity-academy
Writeups for PortSwigger WebSecurity Academy
LucasFaudman/apkscan
Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts).
PortSwigger/bambdas
Bambdas collection for Burp Suite Professional and Community.
netsecurity-as/subfuz
A subdomain fuzzing tool
ShadowByte1/XSS
justmobilesec/Android-iOS-Cheat-Sheet
ViktorMares/ultimate_discovery
Ultimate Wordlist for Web Content Discovery
albinowax/albinowaxUtils