zulu-caPWN's Stars
ziishaned/learn-regex
Learn regex the easy way
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
LOLBAS-Project/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
ihebski/DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
ticarpi/jwt_tool
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
hahwul/dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
arainho/awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
exakat/php-static-analysis-tools
A reviewed list of useful PHP static analysis tools
mrd0x/BITB
Browser In The Browser (BITB) Templates
devanshbatham/ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
terjanq/Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
tomnomnom/gf
A wrapper around grep, to help you grep for things
dolevf/Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
swisskyrepo/GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
roottusk/vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
OWASP/crAPI
completely ridiculous API (crAPI)
masatokinugawa/filterbypass
Browser's XSS Filter Bypass Cheat Sheet
fransr/postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
dsopas/MindAPI
Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
Tuhinshubhra/ExtAnalysis
Browser Extension Analysis Framework - Scan, Analyze Chrome, Firefox and Brave extensions for vulnerabilities and intel
l0ss/Grouper2
Find vulnerabilities in AD Group Policy
cclabsInc/RFCrack
A Software Defined Radio Attack Tool
e11i0t4lders0n/Web-Application-Pentest-Checklist
guardrailsio/awesome-dotnet-security
Awesome .NET Security Resources
righettod/poc-graphql
Research on GraphQL from an AppSec point of view.
l4yton/RegHex
A collection of regexes for every possible use
InsiderPhD/Generic-University
Vulnerable API
assetnote/batchql
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
doyensec/burpdeveltraining
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
frank-leitner/portswigger-websecurity-academy
Writeups for PortSwigger WebSecurity Academy