A vast collection of security tools for bug bounty, pentest and red teaming

#resources

Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

awesome-cve-poc

A collection of proofs of concept for Common Vulnerabilities and Exposures (CVEs).

reapoc

Open-source PoC and vulnerable-target storage box.

TryHackMe

Hands-on cyber security training through real-world scenarios.

Hack The Box

Massive hacking playground, and infosec community.

DVWA

Damn Vulnerable Web Application.

bWAPP

An extremely buggy web application!

WebGoat

Deliberately insecure application.

VulnHub

Provides materials that allow anyone to gain practical hands-on experience in security.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

windows-kernel-exploits

A list of Windows kernel exploits.

Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

Bug Bounty Reference

A list of bug bounty writeups categorized by the nature of the bug.

Awesome BugBounty Writeups

A curated list of bug bounty writeups, organized by bug type.

open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

h1-search

Request the public disclosures on a specific HackerOne program.

Yoga

Your OSINT Graphical Analyzer.

OWASP

A nonprofit foundation that works to improve the security of software.

PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

Hacker101

A free class for web security.

DefaultPassword

Default passwords database sorted by manufacturers.

Exploitalert

Exploits found on the Internet.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Burp Extender API

Burp Extender API.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Payloads All The Things

A list of useful payloads and bypasses for web application security.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

Default Credentials Cheat Sheet

One place for all the default credentials, to assist in finding devices with default passwords.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.