Active Directory and Internal Pentest Cheatsheets

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Hardware/IOT Pentesting Wiki

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

DPULSE - Tool for complex approach to domain OSINT

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

MalQR is a collection of malicious QR Codes and Barcodes you can use to test the security of your scanners.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

notes 2016-present

Pentest focused NixOS config

K8博客 k8gege.org

Sploit -- All-in-one, AI-powered cybersecurity toolkit for web, network, and phishing tests. Modular, cross-platform, Docker-ready, with GUI & CLI. Open source by AUX-441 Team.

A passive online scanner from OWTF

"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS

A permanently free and open source knowledge base for cyber security | 一个永久免费 、开源的网络安全知识库

This repository documents my path from cybersecurity enthusiast to a skilled bug bounty hunter. Here, I share the tools, resources, techniques, and real-world insights I've gathered along the way, aimed at uncovering vulnerabilities and improving application security.