Stars
Information gathering framework for phone numbers
🖥 📊 🕹 🛠 A curated list of command line apps
Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
A Unix-style personal search engine and web crawler for your digital footprint.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Automated NoSQL database enumeration and web application exploitation tool.
Take a list of domains and probe for working HTTP and HTTPS servers
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
Find AWS S3 buckets and test their permissions.
A collection of custom security tools for quick needs.
Guidelines for writing secure code for Python developers.
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
TotalRecon installs all the recon tools you need
OSS-Fuzz - continuous fuzzing for open source software.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
Official Black Hat Arsenal Security Tools Repository
This repository contains information about DevSecOps and how to get involved in this community effort.