gregxsunday's Stars
trimstray/the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
juliocesarfort/public-pentesting-reports
A list of public penetration test reports published by several consulting firms and academic security groups.
fuzzdb-project/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
sensepost/objection
📱 objection - runtime mobile exploration
bee-san/pyWhat
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
xmendez/wfuzz
Web application fuzzer
EdOverflow/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
ticarpi/jwt_tool
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
lc/gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
arainho/awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
welk1n/JNDI-Injection-Exploit
JNDI injection testing tool (A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability, like Jackson, Fastjson, etc.)
magnologan/awesome-k8s-security
A curated list for Awesome Kubernetes Security resources
GrrrDog/weird_proxies
Reverse proxies cheatsheet
chaitin/passionfruit
[WIP] Crappy iOS app analyzer
tadwhitaker/Security_Engineer_Interview_Questions
Every Security Engineer Interview Question From Glassdoor.com
Ice3man543/SubOver
A Powerful Subdomain Takeover Tool
ChiChou/grapefruit
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
filedescriptor/untrusted-types
blabla1337/skf-labs
Repo for all the OWASP-SKF Docker lab examples
codingo/crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
neex/1u.ms
silentsignal/burp-piper
Piper Burp Suite Extender plugin
yesnet0/bounty
Misc bounty and vulndisc things
JustHitTheCore/ctf_workshops
This repo contains materials from Just Hit the Core CTF team workshops organized thanks to KNI Kernel at AGH University of Science and Technology. As the workshops are in Polish, so are the materials here.