(FREE SITE GENERATOR) - A Customizable/Hackable portfolio jekyll theme where you can blog using Markdown or CMS 🚀 in minutes built for developers. (with CMS) ✨

SCIENCE, HACKING AND SECURITY

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Automatically brute force all services running on a target.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

The Swiss Army knife for automated Web Application Testing

Penetration tests guide based on OWASP including test cases, resources and examples.

A collection of awesome one-liner scripts especially for bug bounty tips.

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

A collection of custom security tools for quick needs.

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …

An step by step fuzzing tutorial. A GitHub Security Lab initiative

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Automated All-in-One OS Command Injection Exploitation Tool.

A recursive internet scanner for hackers.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A list of interesting payloads, tips and tricks for bug bounty hunters.

An HTTP toolkit for security research.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

OneForAll是一款功能强大的子域收集工具