A cheat sheet for attacking SQLite via SQLi

Various Dockerfiles I use on the desktop and on servers.

Collection of methodology and test case for various web vulnerabilities.

Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️

Open-Source Phishing Toolkit

This is a collection of phishing templates and a landing page to be used with goPhish

Golang Secure Coding Practices guide

Run GUI applications and desktops in docker and podman containers. Focus on security.

Practice Go: a collection of Go programming challenges

A Python based ingestor for BloodHound

useful pentest note

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A collection of various awesome lists for hackers, pentesters and security researchers

A collection of awesome penetration testing resources, tools and other shiny things

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Vulnerable REST based PHP webservice deployed in Docker

VirSecCon2020 presentation support material

Some vulnerables docker webapps

Docker with Vuln XXE

Dockerized web applications that has any known vurnerability and examples on how to exploit them.

Test container known to be vulnerable. Do NOT use this apart from for testing

An example of obtaining RCE via Redis and CSRF

Fast and customizable vulnerability scanner based on simple YAML based DSL.

A pretty sweet vulnerability scanner

Enhanced account switching for AWS, supports Yubikey as MFA source

awesome list of browser exploitation tutorials

Automated Adversary Emulation Platform

Tomcat-Ajp协议文件读取漏洞

Basics on commands/tools/info on how to assess the security of mobile applications