A collection of personal scripts used in hacking excercises.

Pathbrute

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Fast web fuzzer written in Go

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Automatic SSRF fuzzer and exploitation tool

In-depth Attack Surface Mapping and Asset Discovery

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

This script is intended to automate your reconnaissance process in an organized fashion

Curated list of public penetration test reports released by several consulting firms and academic security groups

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Scripted Local Linux Enumeration & Privilege Escalation Checks

The Bug Hunters Methodology

Repo of useful scripts

Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)

Brute-Forcing from Nmap output - Automatically attempts default creds on found services.

Fetch all the URLs that the Wayback Machine knows about for a domain

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios

Tools to perform basic search on GitHub.

SSRF (Server Side Request Forgery) testing resources

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Various Payload wordlists

Top 100 Hacking & Security E-Books (Free Download)

Setup script for Regon-ng

Open source education content for the researcher community

🎯 Prevent RubberDucky (or other keystroke injection) attacks

Cloudflare DNS Enumeration Tool for Pentesters

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature