A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Github action for monitoring CVE

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

Web Pentesting Fuzz 字典,一个就够了。

GFPGAN aims at developing Practical Algorithms for Real-world Face Restoration.

Predict Mongo ObjectIds

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

list of regex patterns for oauth / api tokens with provided source

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Prototype Pollution and useful Script Gadgets

Every Security Engineer Interview Question From Glassdoor.com

Hidden parameters discovery suite

Scrapts Scrapts Scrapts

Data set of top third party web domains with rich metadata about them

📚 Collaborative cheatsheets for console commands

A command-line tool and Rust library with Python bindings for generating regular expressions from user-provided test cases

Secret Keywords patterns - aggregated from different sources.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

OneForAll是一款功能强大的子域收集工具

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

An hourly updated list of subdomains gathered from certificate transparency logs

Find, verify, and analyze leaked credentials

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to…

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Fast and customizable vulnerability scanner based on simple YAML based DSL.