A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

Fast passive subdomain enumeration tool.

A list of resources for those interested in getting started in bug bounties

Community curated list of templates for the nuclei engine to find security vulnerabilities.

OneForAll是一款功能强大的子域收集工具

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

The recursive internet scanner for hackers. 🧡

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Collection of methodology and test case for various web vulnerabilities.

An HTTP toolkit for security research.

All about bug bounty (bypasses, payloads, and etc)

A list of interesting payloads, tips and tricks for bug bounty hunters.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A Workflow Engine for Offensive Security