OSS-Fuzz - continuous fuzzing for open source software.

This repo contains all the injections mentioned in my talk and enumerators.

Nucke documentation

Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

Create business apps and automate workflows in minutes. Supports PostgreSQL, MySQL, MariaDB, MSSQL, MongoDB, Rest API, Docker, K8s, and more 🚀 No code / Low code platform..

A next-generation crawling and spidering framework.

Ethereum smart contract fuzzer

Impacket is a collection of Python classes for working with network protocols.

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Automating Host Exploitation with AI

the only cheat sheet you need

Ariadne: Binary Ninja Graph Analysis Plugin

Ultimate DevSecOps library

Invoke is a leading creative engine for Stable Diffusion models, empowering professionals, artists, and enthusiasts to generate and create visual media using the latest AI-driven technologies. The …

A curated list of high quality coding style conventions and standards.

A tool to inspect and attack version 1 GUIDs

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Semgrep rules for smart contracts based on DeFi exploits

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

Utility program to perform multiple operations for a given subnet/CIDR ranges.

A collection of various awesome lists for hackers, pentesters and security researchers

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

A Workflow Engine for Offensive Security

webhook is a lightweight incoming webhook server to run shell commands

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

PoC for the CVE-2021-4034 vulnerability, affecting polkit < 0.120.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

Shellcode injection technique. Given as C++ header, standalone Rust program or library.