n0lsecurity's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
inancgumus/learngo
❤️ 1000+ Hand-Crafted Go Examples, Exercises, and Quizzes. 🚀 Learn Go by fixing 1000+ tiny programs.
ffuf/ffuf
Fast web fuzzer written in Go
owasp-amass/amass
In-depth attack surface mapping and asset discovery
EdOverflow/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
lc/gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
m0bilesecurity/RMS-Runtime-Mobile-Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
hisxo/gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
defparam/smuggler
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
tomnomnom/gf
A wrapper around grep, to help you grep for things
Sh1Yo/x8
Hidden parameters discovery suite
irsdl/IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
tomnomnom/anew
A tool for adding new lines to files, skipping duplicates
1ndianl33t/Gf-Patterns
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
tillson/git-hound
Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
httpvoid/writeups
kaiiyer/awesome-vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
DissectMalware/XLMMacroDeobfuscator
Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
righettod/poc-graphql
Research on GraphQL from an AppSec point of view.
l4yton/RegHex
A collection of regexes for every possbile use
craig/SpringCore0day
SpringCore0day from https://share.vx-underground.org/ & some additional links
barrracud4/image-upload-exploits
This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests and bug bounty.
dn0m1n8tor/learn365
This repository is about @AnubhavSingh_'s 365 days of Learning Tweets collection.
neex/ghostinthepdf
markpash/flowlat
flowlat is an eBPF-based tool for monitoring TCP SYN/SYN-ACK latency.
m4ll0k/bbscope
Scope gathering tool for HackerOne, Bugcrowd, Intigriti and Immunefi!
appknox/vapi
a vulnerable web api
n0lsecurity/Brut
Simple Bash DictionaryAttack Tool