A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of public penetration test reports published by several consulting firms and academic security groups.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

Gather and update all available and newest CVEs with their PoC.

Jupyter notebooks for teaching/learning Python 3

A collection of several hundred online tools for OSINT

Automagically reverse-engineer REST APIs via capturing traffic

Automate the creation of a lab environment complete with security tooling and logging best practices

Official OWASP Top 10 Document Repository

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.

extract text from any document. no muss. no fuss.

Dirty COW

Windows Events Attack Samples

A demo of overriding what's in a person's clipboard

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

A curated list of useful resources that cover Offensive AI.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Utilities for MITRE™ ATT&CK

the transparent ransomware claim tracker 🥷🏼🧅🖥️

碎遮SZhe_Scan Web漏洞扫描器，基于python Flask框架，对输入的域名/IP进行全面的信息搜集，漏洞扫描，可自主添加POC

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

My CTF journey since 2015. Stats, writeups, code snippets, notes, challenges.

Yet another static code analyzer for malicious Android applications

Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts

Tool Analysis Result Sheet

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.

Elemental - An ATT&CK Threat Library