A collection of various awesome lists for hackers, pentesters and security researchers

Web path scanner

A list of resources for those interested in getting started in bug bounties

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

The dynamic infrastructure framework for anybody!

Collection of quality safety articles

Subdomain Takeover tool written in Go

This challenge is Inon Shkedy's 31 days API Security Tips.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Semi-automatic OSINT framework and package manager

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

A cross-platform note-taking & target-tracking app for penetration testers.

A Powerful Subdomain Takeover Tool

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Collection of small security tools created mostly in Python. CTFs, pentests and so on

SRCMS企业应急响应与缺陷管理系统

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

A collection of awesome one-liner scripts especially for bug bounty tips.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

🎯 XML External Entity (XXE) Injection Payload List

Hawkeye filesystem analysis tool

ScanT3r - Web Security Scanner

平常看到好的渗透hacking工具和多领域效率工具的集合

🎯 RFI/LFI Payload List

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

bash scripting thing !

A permutation generation tool written in golang

A web crawler (for bug hunting) that gathers more than you can imagine.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.