LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

This challenge is Inon Shkedy's 31 days API Security Tips.

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

Penetration tests guide based on OWASP including test cases, resources and examples.

Automatic SSRF fuzzer and exploitation tool

SSRF (Server Side Request Forgery) testing resources

Awesome Node.js Security resources

A collection of custom security tools for quick needs.

articles

Attack and defend active directory using modern post exploitation adversary tradecraft activity

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and re…

Miscellaneous pentesting scripts for OSCP

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

XSS payloads designed to turn alert(1) into P1

This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

A laboratory for learning secure web and mobile development in a practical manner.

vulnerable single sign on

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Shell script for testing DNS zone transfer (AXFR query) on domains and subdomains recursively.

A simple tool which could be useful to identify the exploits afflicting a Windows OS

Linux Local Privesc Helper and Agent

Extract credentials from lsass remotely

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application