Argument Injection Vectors |
[Website] |
[Source] |
Curated list of exploitable options when dealing with argument injection bugs and association between CVEs and vectors |
Free |
azure-mindmap |
|
[Source] |
Mindmap listing all possible compromise paths when faced with an Azure environment during a cloud security engagement |
Free |
Bootloaders |
[Website] |
[Source] |
Curated list of known malicious bootloaders for various operating systems |
Free |
bounty-targets-data |
|
[Source] |
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports |
Free |
Bug Bounty Guide |
[Website] |
[Source] |
Launchpad for bug bounty programs and bug bounty hunters |
Free |
Bug Bounty Hunting |
[Website] |
|
Search engine for bug bounty writeups, payloads and tips |
Free |
Bug Bounty Reference |
|
[Source] |
A list of bug bounty write-ups categorized by the nature of the bug |
Free |
C2 Matrix |
|
[Source] |
A table comparing most C2 frameworks |
Free |
Can I take over XYZ? |
|
[Source] |
List of services and how to claim (sub)domains with dangling DNS records |
Free |
Cloud Security Atlas |
[Website] |
|
Risk register for cloud threats and vulnerabilities, search and filter by cloud provider platform, risk type, and sort by impact, exploitability, and recency |
Free |
Cloudvulndb |
[Website] |
|
List of all known cloud vulnerabilities and CSP security issues |
Free |
CSP Bypass Search |
[Website] |
[Source] |
Helps bypass restrictive domain whitelist based CSP and exploit XSS vulnerabilities |
Free |
ctf-tools |
|
[Source] |
Setup scripts for security tools |
Free |
CXSECURITY |
[Website] |
|
Exploit index |
Free |
deepdarkCTI |
|
[Source] |
Collection of Cyber Threat Intelligence sources from the deep and dark web |
Free |
DefaultPassword |
[Website] |
|
Default passwords for many devices and services |
Free |
dioterms |
[Website] |
[Source] |
Vulnerability disclosure policy templates; terms for Vulnerability Disclosure Policy (VDP) and Bug Bounty Policy (BBP) |
Free |
Exploit Database |
[Website] |
|
Exploit index; aka EDB or Exploit-DB; can be searched from the CLI with searchsploit, sploitctl, getsploit and many other third-party tools |
Free |
Exploitalert |
[Website] |
|
Exploit index; semi-automatic intelligence supervised by a human operator to find publicly available exploits on the Internet |
Free |
Extended BApp Store |
[Website] |
|
Burp Suite extensions search engine |
Free |
Filesec.io |
[Website] |
|
Curated list of file extensions being used by attackers |
Free |
findsecuritycontacts.com |
[Website] |
[Source] |
List of security contacts for websites extracted from security.txt and dnssecuritytxt |
Free |
Forensics Wiki |
[Website] |
|
Forensics tips and tools |
Free |
fuzzdb |
[Website] |
|
Dictionaries of fault injection patterns, predictable resource locations, and regex for matching server responses |
Free |
GHDB |
[Website] |
|
Google Hacking Database; collection of Google dorks |
Free |
GraphQL Threat Matrix |
|
[Source] |
GraphQL threat framework to research security gaps in GraphQL implementations; documents features and limits of various engines |
Free |
GTFOBins |
[Website] |
[Source] |
Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files |
Free |
Guifre |
[Website] |
|
Security, system and network cheatsheets |
Free |
Hacking the cloud |
|
[Source] |
Encyclopedia of the attacks/tactics/techniques for offensive cloud exploitation |
Free |
HackTricks |
[Website] |
[Source] |
Guide and cheatsheet for pentesting: shell, linux exploitation, windows exploitation, mobile app pentesting, network pentesting, web pentesting, binary exploit, forensics, crypto, backdoor, etc. |
Free |
HackTricks Cloud |
[Website] |
[Source] |
Guide and cheatsheet for cloud pentesting: CI/CD, Kubernetes, GCP, GWS, AWS, Azure, Digital Ocean, IBM Cloud, etc. |
Free |
Havoc store |
[Website] |
[Source] |
Havoc modules and extensions store |
Free |
HijackLibs |
[Website] |
[Source] |
Tracking publicly disclosed DLL hijacking opportunities |
Free |
HTML5 Security Cheatsheet |
[Website] |
|
XSS vectors making use of HTML5, HTML4, CSS, DOM, UTF-7, SVG, JSON, etc. |
Free |
Internal All The Things |
[Website] |
[Source] |
Active Directory, internal infrastructure and cloud penetration test, red team cheatsheets |
Free |
Kaonashi |
|
[Source] |
Wordlist, hashcat rules and hashcat masks from Kaonashi project (RootedCON 2019) |
Free |
Linux kernel syscall tables |
[Website] |
[Source] |
Browsable Linux kernel syscall tables built with Systrack |
Free |
LOFLCAB |
[Website] |
[Source] |
Living off the Foreign Land Cmdlets and Binaries; curated list of cmdlets and binaries that are capable of performing activities from the local Windows system to a remote system |
Free |
LOLAPPS |
[Website] |
[Source] |
Living Off The Land Applications; curated list of applications that have been used & abused for adversarial gain |
Free |
LOLBAS |
[Website] |
[Source] |
Living Off The Land Binaries and Scripts; curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files |
Free |
LOLDrivers |
[Website] |
[Source] |
Living Off The Land Drivers; curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks |
Free |
LOLOL |
[Website] |
|
Living Off the Living Off the Land; collection of curated list/cheatsheet of commands and other resources that can be abused or allow security bypass on various environments |
Free |
LOOBins |
[Website] |
[Source] |
Living Off the Orchard macOS Binaries; curated list/cheatsheet of macOS binaries that can be exploited by an attacker for malicious purposes |
Free |
LOTHardware |
[Website] |
|
Living Off The Hardware; curated list of guidance for offensive hardware and offensive devices |
Free |
LOTS |
[Website] |
|
Living Off Trusted Sites; curated list of popular legitimate domains used by attackers to conduct phishing, C&C, exfiltration and downloading tools to evade detection |
Free |
MalAPI |
[Website] |
|
Maps Windows APIs to common techniques used by malware |
Free |
Malware Traffic Analysis |
[Website] |
|
Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises |
Free |
MD5 maxmin record |
[Website] |
|
Collection of various extremes of MD5 hashes |
Free |
MDN - Event reference |
[Website] |
|
DOM Events reference, useful for XSS |
Free |
MichMich |
[Website] |
|
Personal pentest notes and cheat sheets |
Free |
Microsoft Wont-Fix-List |
|
[Source] |
List of vulnerabilities or design flaws Microsoft does not intend to fix |
Free |
NetSPI SQL Injection Wiki |
[Website] |
[Source] |
A wiki knowledge base focused on SQL injection for various DBMS |
Free |
Packet Storm |
[Website] |
|
Exploit index and security news |
Free |
Payloads All The Things |
[Website] |
[Source] |
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF |
Free |
Pentesting Azure Mindmap |
|
[Source] |
Mindmap for obtaining Global Admin access during Azure penetration tests |
Free |
persistence-info |
[Website] |
[Source] |
Curated list of techniques to gain Windows persistence |
Free |
Portswigger - XSS cheat sheet |
[Website] |
|
XSS cheat sheet containing many vectors that can help bypass WAFs and filters |
Free |
Priv2Admin |
|
[Source] |
Exploitation paths that use Windows privileges to elevate rights within the OS |
Free |
Privacy Tools |
[Website] |
[Source] |
Website that provides knowledge and tools to protect your privacy against global mass surveillance |
Free |
Probable Wordlists |
|
[Source] |
Password lists sorted by probability originally created for password generation and testing |
Free |
PTES |
[Website] |
|
The penetration testing execution standard covers all steps related to a penetration test |
Free |
Red Teaming and Malware Analysis |
[Website] |
|
Notes on red teaming, pentest and malware analysis |
Free |
Red Teaming Tactics and Techniques |
[Website] |
[Source] |
Exploring Red Teaming tactics and techniques, some of the common offensive security techniques involving gaining code execution, lateral movement, persistence and more |
Free |
RubyFu |
[Website] |
[Source] |
Offensive Ruby book |
Free |
SecLists |
|
[Source] |
Collection of multiple types of lists used during security assessments, collected in one place; includes usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, etc. |
Free |
Security Certification Roadmap |
[Website] |
[Source] |
Map referencing all security certifications existing in several categories: Implementation, Architecture, Management, Analysis, Defensive Operations, Offensive Operations |
Free |
Sploitus |
[Website] |
|
Exploit search engine (PacketStorm, Exploit-DB, 0day.today, etc.) and tools search engine (KitPloit) |
Free |
SSH Hardening Guides |
[Website] |
|
Guides to hardening SSH on various systems |
Free |
SSL Checklist for Pentesters (Explore Security) |
[Website] |
|
List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser |
Free |
StegOnline checklist |
[Website] |
[Source] |
CTF Image Steganography Checklist |
Free |
The Bug Hunter's Methodology |
|
[Source] |
A collection of tips, tricks, tools, analysis and notes related to web application security assessments and more specifically towards bug hunting in bug bounties |
Free |
The Hacker Recipes |
[Website] |
|
Guide and knowledge base for pentesting: active directory services, servers, web services, intelligence gathering, physical intrusion, social engineering, phishing, mobile apps |
Free |
The Hacking Tool Trove |
[Website] |
|
THTT; tools cheat sheets, tools command examples, tools references |
Free |
TIBER-EU |
[Website] |
|
European framework for threat intelligence-based ethical red-teaming |
Free |
Unprotect |
[Website] |
|
Database of information about malware evasion techniques |
Free |
Vergilius |
[Website] |
|
A collection of Microsoft Windows kernel structures, unions and enumerations; most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers |
Free |
VOID |
[Website] |
|
Verica Open Incident Database; community-contributed collection of software-related incident reports |
Free |
VRT |
[Website] |
[Source] |
Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations |
Free |
vx-underground |
[Website] |
|
Collection of malware source code, samples, and papers |
Free |
WADComs |
[Website] |
[Source] |
Interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments |
Free |
WEAKPASS |
[Website] |
|
Index of wordlists for brute-force attacks |
Free |
Windows & Active Directory Exploitation Cheat Sheet and Command Reference |
[Website] |
|
Windows & Active Directory exploitation: enumeration, exploitation, lateral movement, privilege escalation, persistence, domain persistence, post-exploitation |
Free |
WTFBins |
[Website] |
[Source] |
Curated list of legitimate binaries that behave exactly like malware |
Free |
XSS Payloads |
[Website] |
|
Provides advanced XSS payloads, tools and documentation about XSS |
Free |