1n1t6Sh3ll

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

resolvers

The most exhaustive list of reliable DNS resolvers.

PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

cve

Gather and update all available and newest CVEs with their PoC.

cryptocurrency-security

加密资产安全解决方案 Cryptocurrency Security Solution

h4cker

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

trufflehog

Find credentials all over the place

MindAPI

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

build-your-own-x

🤓 Build your own (insert technology here)

Bug-bounty-Writeups

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

medusa

Binary instrumentation framework based on FRIDA

LearingMaterials

Different learning materials

rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

commix

Automated All-in-One OS Command Injection Exploitation Tool.

owasp-masvs

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

usbrubberducky-payloads

The Official USB Rubber Ducky Payload Repository

Top10

Official OWASP Top 10 Document Repository

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Vehicle-OSINT-Collection

A comprehensive list of tools that can be used for finding information related to a specific vehicle.

hackerone-reports-1

Top disclosed reports from HackerOne

Knowledge-Base

Knowledge Base 慢雾安全团队知识库

Web-Attack-Cheat-Sheet

Web Attack Cheat Sheet

IoTSecurity101

A Curated list of IoT Security Resources

hacklock

hacklock is a bash based script which is officially termux from this tool in just one click you can generate pattern phishing tool which can hack victim pattern

public-apis

A collective list of free APIs