A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

Fast passive subdomain enumeration tool.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

A list of resources for those interested in getting started in bug bounties

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

OneForAll是一款功能强大的子域收集工具

The recursive internet scanner for hackers. 🧡

An HTTP toolkit for security research.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Collection of methodology and test case for various web vulnerabilities.

All about bug bounty (bypasses, payloads, and etc)

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

A list of interesting payloads, tips and tricks for bug bounty hunters.

A Modern Orchestration Engine for Security

Scanning APK file for URIs, endpoints & secrets.

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A curated list of various bug bounty tools

Automated All-in-One OS Command Injection Exploitation Tool

Top disclosed reports from HackerOne

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

An OOB interaction gathering server and client library

Knock Subdomain Scan