pentest

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

API, CLI, and Web App for analyzing and finding a person's profile in +1000 social media \ websites

A collection of hacking tools, resources and references to practice ethical hacking.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A list of resources for those interested in getting started in bug bounties

windows-kernel-exploits Windows平台提权漏洞集合

📱 objection - runtime mobile exploration

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

linux-kernel-exploits Linux平台提权漏洞集合

A curated list of awesome infosec courses and training resources.

Next generation web scanner

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Git All the Payloads! A collection of web attack payloads.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Collection of the cheat sheets useful for pentesting

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Phishing Tool & Information Collector

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

The ultimate WinRM shell for hacking/pentesting

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

XSS'OR - Hack with JavaScript.

Awesome Node.js Security resources

SSRF (Server Side Request Forgery) testing resources

Automatic SSRF fuzzer and exploitation tool

🌴Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Penetration tests guide based on OWASP including test cases, resources and examples.