#resources

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

HackTricks

Find tricks, techniques, and whatever else has been learnt from CTFs, real-life apps, research, and news.

Damn Vulnerable RESTaurant

An intentionally vulnerable web API game for learning and training purposes.

endoflife.date

Informative site with EoL dates of everything.

cheat.sh

The only cheat sheet you need.

MITRE ATT&CK

Knowledge base of adversary tactics and techniques based on real-world observations.

metasploitable

VM that is built from the ground up with a large number of security vulnerabilities.

GOAD

Game of Active Directory.

CRYPTOHACK

A fun, free platform for learning modern cryptography.

DVRF

The Damn Vulnerable Router Firmware project.

FireBounty

The ultimate Vulnerability Disclosure Policy and Bug Bounty list!

cvecrowd.com

Lists CVEs that are currently being discussed on the social network Mastodon.

HackingHub

Join the front line of the internet, learn applicable cyber security skills.

CyberSec Quizzes

Test your knowledge on cyber security and practice for industry recognised certifications.

Free Certifications

A curated list of free courses & certifications.

bbradar.io

Fetches latest bug bounty programs from many platforms and consolidates them in one place.

resolvers

The most exhaustive list of reliable DNS resolvers.

Kaeferjaeger

Lists of resources: CDN ranges, IP ranges, SNI IP ranges...

PwnDoc

Pentest report generator.

cve

Gathers and updates all available and newest CVEs with their PoCs.

Offensive Security

Offensive Security YouTube channel.

Damn Vulnerable Bank

A vulnerable Android application with an interface to test your mobile hacking skills.

BugBountyHunting

Search Bug Bounty writeups easily.

DEFCON

One of the world’s most prominent and well-known computer security conferences.

GTFOBins

Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

GTFOArgs

Unix binaries that can be manipulated for argument injection.

LOOBins

Living Off the Orchard: macOS Binaries.

Seela

Boost the cybersecurity skills of your teams with the cyber knowledge library.

Fresh Resolvers

List of fresh DNS resolvers updated every 12h.

c{api}tal

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

nuclei-wordfence-cve

Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.

Awesome-CobaltStrike

List of awesome CobaltStrike resources.

The Wordlists

A collection of wordlists for many different usages.

CTFd

A Capture The Flag framework focusing on ease of use and customizability.

awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

reapoc

Open-source PoC and vulnerable-target storage box.

TryHackMe

Hands-on cyber security training through real-world scenarios.

DVWA

Damn Vulnerable Web Application.

Hack The Box

Massive hacking playground, and infosec community.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

VulnHub

Provides materials that allow anyone to gain practical 'hands-on' experience in security.

WebGoat

Deliberately insecure application.

bWAPP

An extremely buggy web application!

Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

windows-kernel-exploits

A list of Windows kernel exploits.

Awesome BugBounty Writeups

A curated list of bug bounty writeups (organized by bug type).

Bug Bounty Reference

A list of bug bounty writeups categorized by the nature of the bug.

Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

h1-search

Request the public disclosures on a specific HackerOne program.

Yoga

Your OSINT Graphical Analyzer.

OWASP

A nonprofit foundation that works to improve the security of software.

PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

DefaultPassword

Default passwords database sorted by manufacturers.

Hacker101

A free class for web security.

Exploitalert

Exploits found on the INTERNET.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

Burp Extender API

Burp Extender API.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

Default Credentials Cheat Sheet

One place for all the default credentials to assist in finding devices with default passwords.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.