weev3

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.

awesome-appsec

A curated list of resources for learning about application security

caldera

Automated Adversary Emulation Platform

Awesome-Fuzzing

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

MobileApp-Pentest-Cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

PSBits

Simple (relatively) things allowing you to dig a bit deeper than usual.

awesome-vehicle-security

🚗 A curated list of resources for learning about vehicle security and car hacking.

WindowsInternals

Windows Internals Book 7th edition Tools

kerberoast

pocorgtfo

a "Proof of Concept or GTFO" mirror with an extensive index with also whole issues or individual articles as clean PDFs.

vulnserver

Vulnerable server used for learning software exploitation

teemo

A Domain Name & Email Address Collection Tool

linux-exploitation-course

A Course on Intermediate Level Linux Exploitation

android_app_security_checklist

Android App Security Checklist

security-paper

（与本人兴趣强相关的）各种安全or计算机资料收集

0day-security-software-vulnerability-analysis-technology

0day安全_软件漏洞分析技术

Tiredful-API

An intentionally designed broken web application based on REST API.

attack-arsenal

A collection of red team and adversary emulation resources developed and released by MITRE.

DirCreate2System

Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting

burpdeveltraining

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

hacker-container

The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.

PSReflect

Easily define in-memory enums, structs, and Win32 functions in PowerShell

fuzzgoat

A vulnerable C program for testing fuzzers.

WebDavC2

A WebDAV PROPFIND C2 tool

knowledge-sharing

Hands-on content for Humla/Puliya sessions at null community

spikepp

SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes. SPIKE also includes a simple scripting capability, and within the SPIKE distribution, there are a few command line tools which can act as interpreters to simple text files containing SPIKE primitives.

sievePWN

An android application which exploits sieve through android components.