A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of awesome penetration testing resources, tools and other shiny things

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

A collection of hacking tools, resources and references to practice ethical hacking.

articles

Automated Penetration Testing Agentic Framework Powered by Large Language Models

A list of resources for those interested in getting started in bug bounties

hydra

Program for determining types of files for Windows, Linux and MacOS.

A list of public penetration test reports published by several consulting firms and academic security groups.

A swiss army knife for pentesting networks

📱 objection - runtime mobile exploration

Tools and Techniques for Red Team / Penetration Testing

windows-kernel-exploits Windows平台提权漏洞集合

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

game of active directory

A fast, simple, recursive content discovery tool written in Rust.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Cyber Security ALL-IN-ONE Platform

All about bug bounty (bypasses, payloads, and etc)

Next generation web scanner

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Notes for Beginner Network Pentesting Course

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Reverse engineering and pentesting for Android applications

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

An automated e-mail OSINT tool

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup