A vast collection of security tools for bug bounty, pentest and red teaming
Community curated list of templates for the Nuclei engine to find security vulnerabilities.
Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.
Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.
Cross-site scripting cheat sheet
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.
PortSwigger Cross-Site Scripting cheatsheet data
All the XSS cheatsheet data to allow contributions from the community.
Collection of multiple types of lists used during security assessments, collected in one place.
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.
Default Credentials Cheat Sheet
One place for all the default credentials to assist on finding devices with default password.
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Attack patterns and primitives for black-box application fault injection and resource discovery.