#resources

Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.







Damn Vulnerable Bank
A vulnerable Android application with an interface to test your mobile hacking skills.



GTFOBins
Unix binaries that can be used to bypass local security restrictions in misconfigured systems.







nuclei-wordfence-cve
Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.













Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.




Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.



gitscraper
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.









Cross-site scripting cheat sheet
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.



PortSwigger Cross-Site Scripting cheatsheet data
All the XSS cheatsheet data to allow contributions from the community.

SecLists
Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.


Default Credentials Cheat Sheet
One place for all the default credentials to assist on finding devices with default password.

IntruderPayloads
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.


FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.