Stars
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Python for AWAE (Advanced Web Attacks and Exploitation)
Top disclosed reports from HackerOne
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
A curated list of awesome GraphQL Security frameworks, libraries, software and resources
A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
Fast passive subdomain enumeration tool.
Differential fuzzing REPL for HTTP implementations.
A rapid HTTP downgrade smuggling scanner written in Go.
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
Bambdas collection for Burp Suite Professional and Community.
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty
🔐 A CLI tool to extract server certificates
A list of resources for those interested in getting started in bug bounties
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.