Top disclosed reports from HackerOne

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Advanced vulnerability scanning with Nmap NSE

📝 Web security related academic papers collection (just for myself).

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Python library and command line tool for configuring any YubiKey over all USB interfaces.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

SSRF (Server Side Request Forgery) testing resources

Hunt down social media accounts by username across social networks

JWT fuzzer

A container repository for my public web hacks!

A sitebar that helps pentesters to perform manual web security testing inside their browser. This addon is written in webextension and alternatives to the XUL version of original Hackbar.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🤪 A list of funny and tricky JavaScript examples

🐶 A curated list of Web Security materials and resources.

Platform for emulation and dynamic analysis of Linux-based firmware