Stars
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
A collection of various awesome lists for hackers, pentesters and security researchers
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups categorized by the nature of the bug
Automated All-in-One OS Command Injection Exploitation Tool
File upload vulnerability scanner and exploitation tool.
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Find broken links, missing images, etc within your HTML.
📚 A collection of useful resources for building RESTful HTTP+JSON APIs.
Collection of methodologies and test cases for various web vulnerabilities.
🛡️ Awesome Cloud Security Resources ⚔️
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
Simple file dump utility for Android
This repository is created only for infosec professionals who work on a day-to-day basis to equip ourselves with an up-to-date skillset. We can contribute one hour daily to day-to-day tasks and work on…
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
This HTML file creates a CSRF PoC form for any HTTP request.
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
UNIX-like reverse engineering framework and command-line toolset