A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that are useful for internal penetration tests and assumed breach exercises (red teaming).

Resources to help get started with IoT Pentesting

Python tool that generates an Xmind map with all the information gathered and any evidence of possible vulnerabilities identified via static analysis. The map itself is an Android Application Pentesting Methodology component, which assists Pentesters to cover all important areas during an assessment.

This is CheatSheet which I used on PJPT exam to fully compromise Domain Controller by doing internal network penentration testing.

All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester

A web based checklist driven note taking app following bug bounty and web app pentest methodology.

Bug Bounty Methodology-slides by Muhammad M. Awali. Pentesting and Researcher Talks.

When it comes to exploiting web application security, this is a methodology. Enumeration and Networking guidelines are also listed to help while on a Pentest/CTF.

AI Penetration Testing Plugin for OpenCode — Autonomous pentesting with 600+ Kali Linux tools, Playwright browser automation, and OWASP methodology

Audit and pentest methodologies for Windows including internal enumeration, privesc, lateral movement, etc.

A curated collection of Pentesting notes, methodologies, and tools. Covering reconnaissance, web application attacks, network exploitation, and vulnerability assessments. Continuously updated with practical techniques and cheat sheets for ethical hacking.

Open-source methodology on pentesting and risk mitigation

Audit and pentest methodologies for Linux including internal enumeration, privesc, lateral movement, etc.

The Black Mamba — Bug bounty hunting CLI framework. 30+ scanner modules, OWASP Top 10 coverage, Kill Chain methodology, AI-assisted pentesting, and HackerOne integration. Globally installable.

The Public Physical Pentesting Paraphernalia Project (P5) is a collection of 3D printing models, DIY tool instructions and entry-level methodologies for lowering the entry barrier to physical penetration testing.

The SAP Pentest Playbook is a community-driven, open-source resource that documents practical techniques, tools, and methodologies for conducting penetration tests on SAP systems and landscapes. It is part of the OWASP CBAS project and aims to serve as a single, reliable point of reference for SAP security professionals, pentesters, and researchers

In Detail Methodology of How I perform Web Pentesting

Audit and pentest methodologies for Active Directory including internal enumeration, privesc, lateral movement, etc.

Android Pentesting - Methodology, tools...

A clean nmap reference guide for CTF and professionals who don't want to keep googling nmap commands at 2AM. This will be the bookmark you actually use! . Part of the SudoChef's Pentesting Methodology Guide.

Just some notes about pentesting methodologies, techniques and tools.

This repo contains my notes, tools, methodologies for web security and pentesting

External enumeration methodology for external pentest

My methodology for pentesting/hacking

Wireless Pentest Methodology Notes

🛡️ The Ultimate Cybersecurity Cheat Sheets Hub — Pentest, Red Team, Blue Team, Purple Team, GRC — Tools, Methodologies, Frameworks & Compliance. Practical, Uncompromising.

flop.py documentations about pentesting attacks technique, personnal exploits/codes and any other pentest methodologies.

This repository includes pentest reports, methodologies, and a checklist for effective security assessments.

Tips and methodologies to pentest the most common web services