pentest

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of hacking tools, resources and references to practice ethical hacking.

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A list of resources for those interested in getting started in bug bounties

hydra

windows-kernel-exploits Windows平台提权漏洞集合

📱 objection - runtime mobile exploration

Cyber Security ALL-IN-ONE Platform

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Program for determining types of files for Windows, Linux and MacOS.

linux-kernel-exploits Linux平台提权漏洞集合

A curated list of awesome infosec courses and training resources.

Next generation web scanner

暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A fast, simple, recursive content discovery tool written in Rust.

All about bug bounty (bypasses, payloads, and etc)

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。10.10.6内置230个功能模块,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange