#
Starred repositories
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
Semgrep rules for smart contracts based on DeFi exploits
Quickly open your favorite Web IDE to review the selected smart contract codebase
Hardhat is a development environment to compile, deploy, test, and debug your Ethereum software.
BDD Automated Security Tests for Web Applications
Collection of tools for analyzing open source packages.
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
This project is about creating and publishing threat model examples.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Checklist of the most important security countermeasures when designing, creating, testing your web/mobile application
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Top 100 Hacking & Security E-Books (Free Download)
This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".
Deliberately vulnerable AWS resources for security assessment demos
My personal notes and exercises for my GIAC-GWEB certification exam.
nodejsscan is a static security code scanner for Node.js applications.
Azure Security Resources and Notes
The ultimate WinRM shell for hacking/pentesting
💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
This tool can be used to brute discover GET and POST parameters
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
PortSwigger / j2ee-scan
Forked from ilmila/J2EEScanJ2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
A collection of various awesome lists for hackers, pentesters and security researchers