Penetration Testing notes, resources and scripts

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

A list of public penetration test reports published by several consulting firms and academic security groups.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

OnionScan is a free and open source tool for investigating the Dark Web.

Collection of Cyber Threat Intelligence sources from the deep and dark web

A Security Tool for Bug Bounty, Pentest and Red Teaming.

BBT - Bug Bounty Tools (examples💡)

Fast subdomains enumeration tool for penetration testers

This challenge is Inon Shkedy's 31 days API Security Tips.

Top disclosed reports from HackerOne

VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira expor…

bug bounty disclosed reports

List of reporting templates I have used since I started doing BBH.

A sensible no bullshit repo of summaries of reports on hackerone, bugcrowd and alike, that makes straight up sense and make it easy to repeat and automate. This is supposed to serve as my personal …

CTF and Bug Bounty Hunting WriteUps.

This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).

BugBounty_CheatSheet

Find subdomains on GitHub.

A Python Script to Get Subdomain using https://crt.sh

Find domains and subdomains related to a given domain

In-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.

Publication of challenges and solutions of some CTFs.

Awesome list of Search Engines for Cybersecurity Researchers

Conference presentation slides

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter