Take it like a gift

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

DVWS

Vulnerable application with a web service and an API.

linuxprivchecker

A Linux privilege escalation check script.

Graphpython

Modular cross-platform Microsoft Graph API enumeration and exploitation toolkit.

gaussrf

Fetch known URLs from several sources and filter URLs with open redirection or SSRF parameters.

fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels.

ASNLookup

Leverage ASN to look up IP addresses owned by a specific organization.

cve-search

A tool to perform local searches for known vulnerabilities.

CeWLeR

Custom word list generator redefined, based on the Scrapy framework.

Empire

Post-exploitation and adversary emulation framework that is used to aid Red Teams and pentesters.

Chimera

Obfuscation script designed to bypass AMSI and commercial antivirus solutions.

goreplay

Capture and replay live HTTP traffic in order to continuously test your system with real data.

cheat.sh

The only cheat sheet you need.

PortSwigger WebSecurity Academy

Free, online web security training from the creators of Burp Suite.