Stars
A Curated list of Security Resources for all connected things
Evilginx Phishing Infrastructure Setup Guide - Securing Evilginx and Gophish Infrastructure, Removing IOCs, Phishing TTPs
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
A web crawling tool which tests websites for SSL, Cookies and ADA compliance and also suggests ways to fix them.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
These are my checklists which I use during my hunting.
This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".
Tracking my progress for 100 days learning something new daily....
⚡ World's fastest steghide cracker, chewing through millions of passwords per second ⚡
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…
Enumerate the permissions associated with an AWS credential set
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
🐬 A collection of awesome resources for the Flipper Zero device.
This repo includes ChatGPT prompt curation to use ChatGPT and other LLM tools better.
Interactive roadmaps, guides and other educational content to help developers grow in their careers.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
A curated list of resources related to Industrial Control System (ICS) security.
Sample images for testing Exif metadata retrieval.
Attack and defend active directory using modern post exploitation adversary tradecraft activity
One rule to crack all passwords. Or at least we hope so.
😺 Running Hashcat on Google Colab with session backup and restore.
Collection of methodology and test cases for various web vulnerabilities.