Stars
All Algorithms implemented in Python
Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Impacket is a collection of Python classes for working with network protocols.
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
SSRF (Server Side Request Forgery) testing resources
Offensive Software Exploitation Course
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Command line utility for searching and downloading exploits
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Automated Red Team Infrastructure deployment using Docker
Shodan Eye: This tool collects all the information about all devices directly connected to the internet using the specified keywords that you enter. Author: Jolanda de Koff
WAFNinja is a tool which contains two functions to attack Web Application Firewalls.
A fuzzer for detecting open redirect vulnerabilities
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
Bugcrowd’s baseline priority ratings for common security vulnerabilities
Pentesting Android Application Course For Kids+ (English and Vietnamese edition)