🐛 A list of writeups from the Google VRP Bug Bounty program

Fundamentals of kernel modules for FreeBSD and Linux

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

Fast linters runner for Go

Gryffin is a large scale web security scanning platform.

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

Set of antianalysis techniques found in malware

🤖 The Modern Port Scanner 🤖

🔒 Chromium's HSTS preload list submission website.

Scan for misconfigured S3 buckets across S3-compatible APIs!

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

In-depth attack surface mapping and asset discovery

Fetch many paths for many hosts - without killing the hosts

Lightweight and extensible horizontal vulnerability scanner

A vulnerable blogging platform used to demonstrate XSS vulnerabilities.

Build two PDFs that have different content but identical SHA1 sums.

Proof of concept for CVE-2020-5902

A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)

InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development

A list of web application security

A curated list of awesome reversing resources

Animation of the SHA-256 hash function in your terminal.

Web-based check for Windows privesc vulnerabilities

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report