Red Team Tips as posted by @vysecurity on Twitter

A curated list of hacking environments where you can train your cyber skills legally and safely

🐶 A curated list of Web Security materials and resources.

✍️ A curated list of CVE PoCs.

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

A simple demo of phishing by abusing the browser autofill feature

A curated list of the most common and most interesting robots.txt disallowed directories.

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Welcome to the XSS Challenge Wiki!

Application Security Verification Standard

a more complex ransomware honeypot

Defund the Police.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

Self contained htaccess shells and attacks

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

A swiss army knife for pentesting networks

OWASP WebScarab

an open source ransomware honeypot

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

Framework for Man-In-The-Middle attacks

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

A book series on JavaScript. @YDKJS on twitter.

Network utility for sending / receiving TCP, UDP, SSL, HTTP