gamersushil

semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Mindmap

This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

SpringBootVulExploit

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

pspy

Monitor linux processes without root permissions

WebHackersWeapons

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

kiterunner

Contextual Content Discovery Tool

vulnerability-Checklist

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

firefox_decrypt

Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles

awesome-devops

A curated list of awesome DevOps platforms, tools, practices and resources

smuggler

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

top25-parameter

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

reFlutter

Flutter Reverse Engineering Framework

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript

akto

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

offensive-bookmarks

A collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics.

Frida-Labs

The repo contains a series of challenges for learning Frida for Android Exploitation.

PMAT-labs

Labs for Practical Malware Analysis & Triage

surf

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

android-unpinner

Remove Certificate Pinning from APKs

websitesVulnerableToSSTI

Simple websites vulnerable to Server Side Template Injections(SSTI)

Vulnerabilities-Unmasked

This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!

disable-flutter-tls-verification

A Frida script that disables Flutter's TLS verification

CRTP-Notes

Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing

vet

Tool to achieve policy driven vetting of open source dependencies

ADCheatSheet

Active Directory Cheat Sheet

cowitness

CoWitness is a powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.

Pentesting-Guide

Everything-About-DNS

DNS Explained : This repo aims to explain the basics of DNS at different levels of complexity for readers with various technical backgrounds.

angularjs-code-review-checklist