Open-source alternatives to XSS Payloads

Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs). Repository contains SAST, which can help you to find security vulnerabilities in custom regular expressions in own projects. Contribution is highly welcomed. This repo was first presented during…

This project is a community-driven directory that aggregates and categorizes high-quality technical resources, tools, and learning materials. It functions as a centralized knowledge management repository, designed to help developers navigate the software development landscape by providing structured access to curated lists and external project references. The directory relies on a collaborative, peer-reviewed workflow where external contributors submit and maintain links through a version-controlled system. This community-maintained approach ensures that the information remains current and re

Aggressor scripts for use with Cobalt Strike 3.0+

This wiki is intended to provide a resource for setting up a resilient Red Team infrastructure. It was made to complement Steve Borosh (@424f424f) and Jeff Dimmock's (@bluscreenofjeff) BSides NoVa 2017 talk "Doomsday Preppers: Fortifying Your Red Team Infrastructure" (slides)

This project is a WPA Wi-Fi cracking toolkit designed for capturing authentication handshakes and recovering WPA/WPA2 passwords. It provides specialized utilities for scanning wireless networks, obfuscating hardware addresses, and generating password lists to facilitate security audits. The toolkit differentiates itself through a focused workflow that combines handshake capture tools with a password wordlist generator. It enables the interception of the four-way authentication process between wireless clients and access points and utilizes these captured credentials for recovery via dictionar

A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

This project is a community-driven directory that serves as a comprehensive index of command-line tools, frameworks, and resources. It functions as a curated knowledge base designed to help users discover software for enhancing terminal environments and streamlining daily development tasks. The collection is maintained through an open-source contribution model, where community members manually verify and organize resources into structured categories. This collaborative approach ensures the directory remains a reliable reference for finding specialized utilities, alternative shell implementati

Open Redirect Payloads

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Blackbone is a collection of specialized tools for memory scanning, process injection, and kernel-driver interfaces used to manipulate the Windows execution environment. It provides a framework for executing remote code, mapping portable executable images, and managing threads across different process boundaries. The project includes a kernel memory driver to access kernel memory and modify handle rights to hide allocations from user-mode detection. It also features a library for intercepting function calls in remote processes using software interrupts and hardware breakpoints. The toolkit c

A collective list of public APIs for use in security. Contributions welcome

:computer: :coffee: List of Awesome Hacking Locations, organised by Country and City, listing if it features power and wifi

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

This project is a bug bounty resource directory, vulnerability research cheatsheet, and web security payload library. It serves as a centralized collection of curated payloads and common attack vectors used to identify security vulnerabilities in web applications. The repository provides a directory of platforms, books, and tools to support vulnerability discovery skills. It includes a reference for tested payloads and techniques used to trigger bugs and identify vulnerabilities during security audits. The content covers web application pentesting, security vulnerability testing, and general

A collection of awesome penetration testing resources, tools and other shiny things

A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development

Git All the Payloads! A collection of web attack payloads.

A container repository for my public web hacks!