SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A post-modern modal text editor.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Execute ELF files without dropping them on disk

tmux source code

p0f v3 with impersonation spoofing, written in Python - Accurately guess the OS of a packet with passive fingerprinting.

Notepad++ User Defined Languages Collection

ShareX is a free and open source program that lets you capture or record any area of your screen and share it with a single press of a key. It also allows uploading images, text or other types of f…

A (nearly) no-CSS, fast, minimalist Jekyll theme.

World's fastest and most advanced password recovery utility

Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks.

Example ARM64 Assembly programs for Raspberry Pi

Metasploit Framework

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Automatic SQL injection and database takeover tool

A pentesting tool that dumps the source code from .git even when the directory traversal is disabled

Web and mobile application security training platform

"Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting" by Erik Hemberg, Jonathan Kelly, Michal Shlapent…

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 SQL Injection Payload List

Damn Vulnerable Web Application (DVWA)

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A set of Zeek scripts to detect ATT&CK techniques.

Extract files from network traffic with Zeek.

Zeek-Formatted Threat Intelligence Feeds