A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Web Attack Cheat Sheet

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Top disclosed reports from HackerOne

🔭 Daily Useful Scripts

Sample vulnerable code and its exploit code

Metasploit Framework

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A comprehensive repository for mastering DevOps skills and tools. Explore topics like Docker, Kubernetes, Ansible, Terraform, and more. Ideal for beginners and experienced professionals alike, with…

In this repository you will find sample code files for each day of the course "Python for OSINT. A 21-day course for beginners".

This repository aims to provide a comprehensive and structured approach to the reconnaissance (recon) phase of bug bounty hunting. The recon phase is crucial in identifying potential attack surface…