SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Damn Vulnerable Web Application (DVWA)

This is a webshell open source project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Mautic: Open Source Marketing Automation Software.

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Main repository for pfSense

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

Collection of CTF Web challenges I made

Single-file PHP shell

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspber…

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

AWSGoat : A Damn Vulnerable AWS Infrastructure

Hashtopolis - distributed password cracking with Hashcat

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…

Your performance & security consultant, an artisan command away.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

🎯 PHP / ASP - Shell Backdoor List 🎯

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

Work in progress...

SniperPhish - The Web-Email Spear Phishing Toolkit

Password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and …

DejaVU - Open Source Deception Framework

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Vulnerable API

PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules, simulate logs, and undertake various security tasks,…

Find AWS S3 buckets and test their permissions.