Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

Automated pentest framework for offensive security experts

A list of interesting payloads, tips and tricks for bug bounty hunters.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

OneForAll是一款功能强大的子域收集工具

Automated NoSQL database enumeration and web application exploitation tool.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Penetration tests guide based on OWASP including test cases, resources and examples.

Find exploits in local and online databases instantly

Security Tool to Look For Interesting Files in S3 Buckets

Subdomain Takeover tool written in Go

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

This challenge is Inon Shkedy's 31 days API Security Tips.

Automatically brute force all services running on a target.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Multi Tool Subdomain Enumeration