A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

Source code for Hacker101.com - a free online web and mobile security class.

serve as a reverse proxy to protect your web services from attacks and exploits.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A vulnerability scanner for container images and filesystems

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Gather and update all available and newest CVEs with their PoC.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Collection of methodology and test case for various web vulnerabilities.

All about bug bounty (bypasses, payloads, and etc)

A list of web application security

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Open Source Vulnerability Management Platform

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Advanced vulnerability scanning with Nmap NSE

This repository contains the scanner component for Greenbone Community Edition.