A vast collection of security tools for bug bounty, pentest and red teaming


Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

awesome-cve-poc

A collection of proofs of concept for Common Vulnerabilities and Exposures.

reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

TryHackMe

Hands-on cyber security training through real-world scenarios.

Hack The Box

Massive hacking playground, and infosec community.

DVWA

Damn Vulnerable Web Application.

bWAPP

An extremely buggy web application!

WebGoat

Deliberately insecure application.

VulnHub

Provides materials that allow anyone to gain practical 'hands-on' experience in security.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

windows-kernel-exploits

A list of Windows kernel exploits.

Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

Bug Bounty Reference

A list of Bug Bounty writeups categorized by the nature of the bug.

Awesome BugBounty Writeups

A curated list of bugbounty writeups (Bug type wise).

open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

h1-search

Request the public disclosures on a specific HackerOne program.

Yoga

Your OSINT Graphical Analyzer.

OWASP

A nonprofit foundation that works to improve the security of software.

PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

Hacker101

A free class for web security.

DefaultPassword

Default passwords database sorted by manufacturers.

Exploitalert

Exploits found on the INTERNET.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Burp Extender API

Burp Extender API.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

Default Credentials Cheat Sheet

One place for all the default credentials, to assist in finding devices with default passwords.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.