Stars
IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io
Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
🏵 Gee is a tool that writes stdin to each file and to stdout. It is similar to the tee command, but has more functions for convenience. It is written in Go.
Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin
🐶 A curated list of Web Security materials and resources.
Use your macOS terminal shell to do awesome things.
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Accept URLs on stdin, replace all query string values with a user-supplied value
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
XSS payloads designed to turn alert(1) into P1
A list of cloud ranges from different providers.
A fuzzer for detecting open redirect vulnerabilities
A really simple utility to concatenate wordlists to a domain name - to pipe into your favourite resolver!
An Out-of-Band XXE server for retrieving file contents over FTP.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
A curated list of bug bounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
HTTPLeaks - All possible ways a website can leak HTTP requests
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF