Nuclei templates on offsec.tools
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

Payloads All The Things on offsec.tools
Payloads All The Things

A list of useful payloads and bypass for Web Application Security.

resolvers on offsec.tools

The most exhaustive list of reliable DNS resolvers.

Kaeferjaeger on offsec.tools

Lists of resources: cdn ranges, ips ranges, sni ip ranges...

PwnDoc on offsec.tools

Pentest report generator.

cve on offsec.tools

Gather and update all available and newest CVEs with their PoC.

Offensive Security on offsec.tools
Offensive Security

Offensive Security Youtube channel.

Damn Vulnerable Bank on offsec.tools
Damn Vulnerable Bank

A vulnerable Android application with an interface to test your mobile hacking skills.

BugBountyHunting on offsec.tools

Search Bug Bounty writeups easily.

DEFCON on offsec.tools

The world’s most prominent and well-known computer security conferences.

GTFOBins on offsec.tools

Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS on offsec.tools

Living Off The Land Binaries, Scripts and Libraries.

GTFOArgs on offsec.tools

Unix binaries that can be manipulated for argument injection.

LOOBins on offsec.tools

Living Off the Orchard: macOS Binaries.

Seela on offsec.tools

Boost the cybersecurity skills of your teams with the cyber knowledge library.

Fresh Resolvers on offsec.tools
Fresh Resolvers

List of fresh DNS resolvers updated every 12h.

c{api}tal on offsec.tools

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

nuclei-wordfence-cve on offsec.tools

Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.

Awesome-CobaltStrike on offsec.tools

List of awesome CobaltStrike resources.

The Wordlists on offsec.tools
The Wordlists

A collection of wordlists for many different usages.

CTFd on offsec.tools

A Capture The Flag framework focusing on ease of use and customizability.

awesome-cve-poc on offsec.tools

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

reapoc on offsec.tools

OpenSource Poc && Vulnerable-Target Storage Box.

TryHackMe on offsec.tools

Hands-on cyber security training through real-world scenarios.

DVWA on offsec.tools

Damn Vulnerable Web Application.

Hack The Box on offsec.tools
Hack The Box

Massive hacking playground, and infosec community.

OWASP Juice Shop on offsec.tools
OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

VulnHub on offsec.tools

Provide materials that allows anyone to gain practical 'hands-on' experience in security.

WebGoat on offsec.tools

Deliberately insecure application.

bWAPP on offsec.tools

An extremely buggy web application!.

Can I Take Over DNS? on offsec.tools
Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

windows-kernel-exploits on offsec.tools

A list of Windows kernel exploits.

Awesome BugBounty Writeups on offsec.tools
Awesome BugBounty Writeups

A curated list of bugbounty writeups (Bug type wise).

Bug Bounty Reference on offsec.tools
Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

Awesome Bug Bounty on offsec.tools
Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

open-sesame on offsec.tools

Contains HackerOne disclosed reports and other bug bounty writeups.

AllAboutBugBounty on offsec.tools

Bug Bounty notes gathered from various sources.

gitscraper on offsec.tools

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

h1-search on offsec.tools

Request the public disclosures on a specific HackerOne program.

Yoga on offsec.tools

Your OSINT Graphical Analyzer.

OWASP on offsec.tools

A nonprofit foundation that works to improve the security of software.

PentesterLand on offsec.tools

Sharing knowledge that makes your life as bug hunters and pentesters easier.

DefaultPassword on offsec.tools

Default passwords database sorted by manufacturers.

Hacker101 on offsec.tools

A free class for web security.

Exploitalert on offsec.tools

Exploits found on the INTERNET.

The Exploit Database on offsec.tools
The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Cross-site scripting cheat sheet on offsec.tools
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Bug Bounty Guide on offsec.tools
Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

Burp Extender API on offsec.tools
Burp Extender API

Burp Extender API.

PortSwigger Cross-Site Scripting cheatsheet data on offsec.tools
PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists on offsec.tools

Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data on offsec.tools

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

Default Credentials Cheat Sheet on offsec.tools
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

IntruderPayloads on offsec.tools

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

sub-domain enumeration techniques on offsec.tools
sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

FuzzDB on offsec.tools

Attack patterns and primitives for black-box application fault injection and resource discovery.