A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Updated Jul 21, 2020 - Python
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files. Learn ethical hacking and penetration testing. Hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
Automated pentest framework for offensive security experts
Fully automated offensive security framework for reconnaissance and vulnerability scanning
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
OneForAll is a powerful subdomain collection tool
Automated NoSQL database enumeration and web application exploitation tool.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Penetration tests guide based on OWASP including test cases, resources and examples.
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Subdomain Takeover tool written in Go
Security Tool to Look For Interesting Files in S3 Buckets
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
This challenge is Inon Shkedy's 31 days API Security Tips.
Automatically brute force all services running on a target.
A curated list of bugbounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
StaCoAn is a cross-platform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.