The Book Of Secret Knowledge

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🤖 The Modern Port Scanner 🤖

Fast passive subdomain enumeration tool.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A Modern Orchestration Engine for Security

Top 100 Hacking & Security E-Books (Free Download)

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Free Security and Hacking eBooks

A collected list of awesome security talks

Git All the Payloads! A collection of web attack payloads.

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

My CTF journey since 2015. Stats, writeups, code snippets, notes, challenges.

Host and manage multiple Juice Shop instances for security trainings and Capture The Flags

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks