Sec
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
JNDI-Exploitation-Kit (A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…
Detector for Log4Shell exploitation attempts
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🕳 bore is a simple CLI tool for making tunnels to localhost
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
The Browser Exploitation Framework Project
Red Team Cheatsheet in constant expansion.
OWASP Web Application Security Testing Checklist
A list of bookmarks I have used since I started my journey in cyber security
A collection of more than 170+ tools, scripts, cheatsheets and other loot that I've developed over the years for Red Teaming/Pentesting/IT Security audit purposes.
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Security Remediation Guides
RedEye is a visual analytic tool supporting Red & Blue Team operations
A collection of custom security tools for quick needs.
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3
Metlo is an open-source API security platform.
Anteon (formerly Ddosify) - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.