A utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).

Common User Passwords Profiler (CUPP)

Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

Automatically install some web hacking/bug bounty tools.

Prototype Pollution and useful Script Gadgets

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

A collection of awesome one-liner scripts especially for bug bounty tips.

Pwn stuff.

A collection of tools to perform searches on GitHub.

Magic hashes – PHP hash "collisions"

Checklist of the most important security countermeasures when designing, testing, and releasing your API

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Browser's XSS Filter Bypass Cheat Sheet

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Bypassing disabled exec functions in PHP (c) CRLF

Web CTF CheatSheet 🐈

Stealing Wi-Fi passwords via browser's cache poisoning.

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Perform a MitM attack and extract clear text credentials from RDP connections

A list of interesting payloads, tips and tricks for bug bounty hunters.