The Book Of Secret Knowledge

Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

Hunt down social media accounts by username across social networks

Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Comprehensive Python Cheatsheet

🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.

What the f*ck Python? 😱

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Write scalable load tests in plain Python 🚗💨

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/products/free-netbox-cloud/

Automated Nginx Reverse Proxy for Docker

A VIM-inspired filemanager for the console

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

CTF framework and exploit development library

Postgres CLI with autocompletion and syntax highlighting

Exploitation Framework for Embedded Devices

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Incredibly fast crawler designed for OSINT.

A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.

Fast subdomains enumeration tool for penetration testers

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

Malicious traffic detection system

Real-time metrics for nginx server

curl statistics made simple

PEDA - Python Exploit Development Assistance for GDB

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Automated Mass Exploiter

Drop-down terminal for GNOME

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

Knock Subdomain Scan

Fast and powerful SSL/TLS scanning library.

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Hash collisions and exploitations

CLI for SQLite Databases with auto-completion and syntax highlighting

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Detect and bypass web application firewalls and protection systems

Interactive Redis: A Terminal Client for Redis with AutoCompletion and Syntax Highlighting.

A small course on exploiting and defending neural networks

Find web directories without bruteforce

A very simple way to find out which SSL ciphersuites are supported by a target.

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

Reverse proxies cheatsheet