A collection of various awesome lists for hackers, pentesters and security researchers

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Fast web fuzzer written in Go

Web path scanner

OSS-Fuzz - continuous fuzzing for open source software.

Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.

the champagne of beta embedded databases

The property-based testing library for Python

You Know, For WEB Fuzzing !

Web application fuzzer

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

syzkaller is an unsupervised coverage-guided kernel fuzzer

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Scalable fuzzing infrastructure.

Property based testing framework for JavaScript (like QuickCheck) written in TypeScript

Randomized testing for Go

american fuzzy lop - a security-oriented fuzzer

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing

An step by step fuzzing tutorial. A GitHub Security Lab initiative

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Automatic SSRF fuzzer and exploitation tool

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Catch API bugs before your users do

Rockyou for web fuzzing

Ethereum smart contract fuzzer