A vast collection of security tools for bug bounty, pentest and red teaming
#resources

Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.










Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.


Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.





gitscraper
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.










Cross-site scripting cheat sheet
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.


PortSwigger Cross-Site Scripting cheatsheet data
All the XSS cheatsheet data to allow contributions from the community.

SecLists
Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.



Default Credentials Cheat Sheet
One place for all the default credentials to assist on finding devices with default password.

IntruderPayloads
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.


FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.