Stars
This tool extracts credit card numbers, NTLM (DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc. from a pcap file or from a live interface.
pry0cc / hacks
Forked from tomnomnom/hacks
A collection of hacks and one-off scripts
A projectdiscovery driven attack surface monitoring bot powered by axiom
PortSwigger / oauth-scan
Forked from akabe1/OAUTHScan
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
A cheatsheet for exploiting server-side SVG processors.
GF Patterns For (ssrf, RCE, Lfi, sqli, ssti, idor, url redirection, debug_logic, interesting Subs) parameters grep
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No serv…
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
This is a collection of ZAProxy Automation Tools and scripts to automate security tests of WEB Applications and WEB Sites
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
A library that allows you to easily mock out tests based on AWS infrastructure.