The Book Of Secret Knowledge

Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.

A command-line hex viewer

:zap: From finding text to search and replace, from sorting to beautifying text and more :art:

High-level tracing language for Linux

List of awesome reverse engineering resources

Universal command-line interface for SQL databases

The pattern matching swiss knife

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

A list of public penetration test reports published by several consulting firms and academic security groups.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Some setup scripts for security research tools.

Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.

Testing TLS/SSL encryption anywhere on any port

Main gperftools repository

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Malicious traffic detection system

Linux system exploration and troubleshooting tool with first class support for containers

Scripted Local Linux Enumeration & Privilege Escalation Checks

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb

📖 A collection of pure POSIX sh alternatives to external processes.

Fast cross-platform HTTP benchmarking tool written in Go

A guide to understand the importance of commit messages and how to write them well

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

A list of (almost) all headless web browsers in existence

Platform to host Capture the Flag competitions

Real-time metrics for nginx server

A Modern Orchestration Engine for Security

Top 100 Hacking & Security E-Books (Free Download)

Notes for Beginner Network Pentesting Course

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

ZMap is a fast single packet network scanner designed for Internet-wide network surveys.

syzkaller is an unsupervised coverage-guided kernel fuzzer

Compilation of public failure/horror stories related to Kubernetes

curl statistics made simple

PEDA - Python Exploit Development Assistance for GDB

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

:book: For those who wanna learn Bash

Lsyncd (Live Syncing Daemon) synchronizes local directories with remote targets

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A Tool for Domain Flyovers

htop is an interactive text-mode process viewer for Unix systems. It aims to be a better 'top'.

Ethr is a Comprehensive Network Measurement Tool for TCP, UDP & ICMP.

Learn where some of the network sysctl variables fit into the Linux/Kernel network flow. Translations: 🇷🇺

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation