OSCP Guide

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Find way more from the Wayback Machine!

A python tool used to discover endpoints for a given target

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Monitoring exploits & references for CVEs

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Dex to Java decompiler

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Gotator is a tool to generate DNS wordlists through permutations.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Few templates which I developed for nuclei

List of Github repositories and articles with list of dorks for different search engines

向日葵 RCE

A big list of Android Hackerone disclosed reports and other resources.

Nuclei Templates to reproduce Cracking the lens's Research

OneForAll是一款功能强大的子域收集工具

The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea…

Some files for bruteforcing certain things.

Mind-Maps of Several Things

API Key/Token Exploitation Made easy.

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Threat Hunting & Incident Investigation with Osquery

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

simple template to use