A collection of various awesome lists for hackers, pentesters and security researchers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org

A collection of awesome penetration testing resources, tools and other shiny things

Open-source AI hackers to find and fix your app’s vulnerabilities.

A collection of hacking / penetration testing resources to make you better!

A collection of hacking tools, resources and references to practice ethical hacking.

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Web path scanner

🐶 A curated list of Web Security materials and resources.

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Automated Penetration Testing Agentic Framework Powered by Large Language Models

fsociety Hacking Tools Pack – A Penetration Testing Framework

hydra

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Attack Surface Management Platform

A list of public penetration test reports published by several consulting firms and academic security groups.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Tools and Techniques for Red Team / Penetration Testing

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Gather and update all available and newest CVEs with their PoC.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Infection Monkey - An open-source adversary emulation platform

A list of web application security