BugHunter ID

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering.

Mobile penetration testing android command cheatsheet

Directory/file & DNS busting tool written in Go

Reconnaissance Swiss Army Knife

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The official Python library for Shodan

A Tool for Domain Flyovers

Penetration tests cases, resources and guidelines.

Most advanced XSS detection suite.

PENTOL - Pentester Toolkit for Fiddler2

Open source education content for the researcher community

📌 A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security.

In-depth DNS Enumeration and Network Mapping

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of awesome penetration testing resources, tools and other shiny things

Awesome XSS stuff

Incredibly fast crawler designed for OSINT.

open redirect subdomains scanner

SSRF (Server Side Request Forgery) testing resources

Web application fuzzer

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Knock Subdomain Scan

Web path scanner

A list of interesting payloads, tips and tricks for bug bounty hunters.

Open Redirect Payloads

Payloads for CRLF Injection

subdomain bruteforce list