Community curated list of templates for the Nuclei engine to find security vulnerabilities.
Contains HackerOne disclosed reports and other bug bounty writeups.
A fun, free platform for learning modern cryptography.
The Damn Vulnerable Router Firmware project.
The ultimate Vulnerability Disclosure Policy and Bug Bounty list!
Lists CVEs that are currently being discussed on the social network Mastodon.
Join the front line of the internet, learn applicable cyber security skills.
Test your knowledge on cyber security and practice for industry recognised certifications.
A curated list of free courses & certifications.
Fetches latest bug bounty programs from many platforms and consolidates them in one place.
The most exhaustive list of reliable DNS resolvers.
Lists of resources: cdn ranges, ips ranges, sni ip ranges...
Pentest report generator.
Gather and update all available and newest CVEs with their PoC.
Offensive Security Youtube channel.
A vulnerable Android application with an interface to test your mobile hacking skills.
Search Bug Bounty writeups easily.
The world’s most prominent and well-known computer security conferences.
Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Living Off The Land Binaries, Scripts and Libraries.
Unix binaries that can be manipulated for argument injection.
Living Off the Orchard: macOS Binaries.
Boost the cybersecurity skills of your teams with the cyber knowledge library.
List of fresh DNS resolvers updated every 12h.
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.
Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.
List of awesome CobaltStrike resources.
A collection of wordlists for many different usages.
A Capture The Flag framework focusing on ease of use and customizability.
A collection about Proof of Concepts of Common Vulnerabilities and Exposures.
OpenSource Poc && Vulnerable-Target Storage Box.
Hands-on cyber security training through real-world scenarios.
Damn Vulnerable Web Application.
Massive hacking playground, and infosec community.
Probably the most modern and sophisticated insecure web application.
Provide materials that allows anyone to gain practical 'hands-on' experience in security.
Deliberately insecure application.
An extremely buggy web application!.
A list of DNS providers and how to claim (sub)domains via missing hosted zones.
A list of Windows kernel exploits.
A curated list of bugbounty writeups (Bug type wise).
A list of Bug Bounty writeups that is categorized by the bug nature.
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.
Bug Bounty notes gathered from various sources.
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.
Request the public disclosures on a specific HackerOne program.
Your OSINT Graphical Analyzer.
A nonprofit foundation that works to improve the security of software.
Sharing knowledge that makes your life as bug hunters and pentesters easier.
Default passwords database sorted by manufacturers.
A free class for web security.
Exploits found on the INTERNET.
Archive of public exploits and corresponding vulnerable software.
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.
Launchpad for bug bounty programs and bug bounty hunters.
Burp Extender API.
All the XSS cheatsheet data to allow contributions from the community.
Collection of multiple types of lists used during security assessments, collected in one place.
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.
A list of useful payloads and bypass for Web Application Security.
A list of services and how to claim (sub)domains with dangling DNS records.
One place for all the default credentials to assist on finding devices with default password.
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp
Attack patterns and primitives for black-box application fault injection and resource discovery.