reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Mimikatz implementation in pure Python

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

A fast, simple, recursive content discovery tool written in Rust.

Take a list of domains and probe for working HTTP and HTTPS servers

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Accept URLs on stdin, replace all query string values with a user-supplied value

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Fetch all the URLs that the Wayback Machine knows about for a domain

A wrapper around grep, to help you grep for things

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

HTTP parameter discovery suite.

Find domains and subdomains related to a given domain

A rapid API for the Project Sonar dataset

A list of interesting payloads, tips and tricks for bug bounty hunters.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Awesome XSS stuff

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF