mcLays

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

h4cker

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

nginx-admins-handbook

How to improve NGINX performance, security, and other important things.

GTFOBins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

malwoverview

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

snoop

Snoop — инструмент разведки на основе открытых данных (OSINT world)

command-injection-payload-list

🎯 Command Injection Payload List

BurpSuite-For-Pentester

This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".

Priv2Admin

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

lpeworkshop

Windows / Linux Local Privilege Escalation Workshop

pentest-book

gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

xca

X Certificate and Key management

Azure-Red-Team

Azure Security Resources and Notes

writehat

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

databunker

Secure SDK/vault for personal records/PII built to comply with GDPR

BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

4-ZERO-3

403/401 Bypass Methods + Bash Automation + Your Support ;)

IRM

Incident Response Methodologies 2022

SniperPhish

SniperPhish - The Web-Email Spear Phishing Toolkit

SME

AutoSUID

AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.

command-line-quick-reference

quick reference on command line tools and techniques for the people with limited time

ADenum

AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.

russia-ukraine_IOCs

Russia / Ukraine 2022 conflict related IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake

adfsbrute

A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.

TWAPT

Deploy your own lab of web application penetration testing with docker and docker-compose, webgoat, dvwap, bwapp and Juice Shop

env

JScript for adding temporary variables to environment variables. Which can then be used in calling other scripts and applications.