A vast collection of security tools for bug bounty, pentest and red teaming

#resources

38 results
Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

#cves   #fuzzing   #payloads   #resources   #scanner   #secrets   #vulnerabilities  

awesome-cve-poc on offsec.tools
awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

#cves   #exploits   #poc   #resources   #vulnerabilities  

reapoc on offsec.tools
reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

#cves   #exploits   #poc   #resources   #vulnerabilities  

TryHackMe on offsec.tools
TryHackMe

Hands-on cyber security training through real-world scenarios.

#learning   #online   #resources   #training  

Hack The Box on offsec.tools
Hack The Box

Massive hacking playground, and infosec community.

#learning   #online   #resources   #training  

DVWA on offsec.tools
DVWA

Damn Vulnerable Web Application.

#fileupload   #learning   #resources   #sqli   #training   #xss  

bWAPP on offsec.tools
bWAPP

An extremely buggy web application!.

#learning   #resources   #training   #vulnerabilities  

WebGoat on offsec.tools
WebGoat

Deliberately insecure application.

#learning   #resources   #training   #vulnerabilities  

VulnHub on offsec.tools
VulnHub

Provide materials that allows anyone to gain practical 'hands-on' experience in security.

#learning   #resources   #training   #vm   #vulnerabilities  

OWASP Juice Shop on offsec.tools
OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

#learning   #online   #resources   #training  

Can I Take Over DNS? on offsec.tools
Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

#dns   #resources   #subto  

windows-kernel-exploits on offsec.tools
windows-kernel-exploits

A list of Windows kernel exploits.

#cves   #exploits   #kernel   #resources   #windows  

Awesome Bug Bounty on offsec.tools
Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

#bugbounty   #platforms   #resources   #writeups  

Bug Bounty Reference on offsec.tools
Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

#bugbounty   #resources   #vulnerabilities   #writeups  

Awesome BugBounty Writeups on offsec.tools
Awesome BugBounty Writeups

A curated list of bugbounty writeups (Bug type wise).

#bugbounty   #resources   #writeups  

open-sesame on offsec.tools
open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

#bugbounty   #hackerone   #reports   #resources  

AllAboutBugBounty on offsec.tools
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

#bugbounty   #cms   #framework   #payloads   #resources   #vulnerabilities  

gitscraper on offsec.tools
gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

#directories   #endpoints   #files   #github   #parameters   #resources  

h1-search on offsec.tools
h1-search

Request the public disclosures on a specific HackerOne program.

#bugbounty   #hackerone   #reports   #resources  

Yoga on offsec.tools
Yoga

Your OSINT Graphical Analyzer.

#online   #osint   #resources   #usernames  

OWASP on offsec.tools
OWASP

A nonprofit foundation that works to improve the security of software.

#cheatsheets   #learning   #resources   #tools   #training  

PentesterLand on offsec.tools
PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

#reports   #resources   #tools   #writeups  

Hacker101 on offsec.tools
Hacker101

A free class for web security.

#hackerone   #learning   #resources   #training  

DefaultPassword on offsec.tools
DefaultPassword

Default passwords database sorted by manufacturers.

#passwords   #resources  

Exploitalert on offsec.tools
Exploitalert

Exploits found on the INTERNET.

#cves   #exploits   #resources   #vulnerabilities  

The Exploit Database on offsec.tools
The Exploit Database

Archive of public exploits and corresponding vulnerable software.

#cves   #exploits   #resources   #vulnerabilities  

Bug Bounty Guide on offsec.tools
Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

#bugbounty   #resources  

Cross-site scripting cheat sheet on offsec.tools
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

#payloads   #resources   #xss  

Burp Extender API on offsec.tools
Burp Extender API

Burp Extender API.

#api   #burpsuite   #resources  

PortSwigger Cross-Site Scripting cheatsheet data on offsec.tools
PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

#payloads   #resources   #xss  

SecLists on offsec.tools
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

#fuzzing   #passwords   #payloads   #resources   #wordlists  

bounty-targets-data on offsec.tools
bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

#bugbounty   #bugcrowd   #federacy   #hackenproof   #hackerone   #intigriti   #resources   #yeswehack  

Payloads All The Things on offsec.tools
Payloads All The Things

A list of useful payloads and bypass for Web Application Security.

#bypass   #exploits   #payloads   #resources  

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

#resources   #subdomains   #subto   #vulnerabilities  

Default Credentials Cheat Sheet on offsec.tools
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

#passwords   #resources  

IntruderPayloads on offsec.tools
IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

#burpsuite   #fuzzing   #owasp   #resources   #wordlists  

sub-domain enumeration techniques on offsec.tools
sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

#bugcrowd   #resources   #subdomains   #wordlists  

FuzzDB on offsec.tools
FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

#fuzzing   #payloads   #resources   #wordlists