#resources

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.

resolvers

The most exhaustive list of reliable DNS resolvers.

Kaeferjaeger

Lists of resources: CDN ranges, IP ranges, SNI IP ranges...

PwnDoc

Pentest report generator.

cve

Gather and update all available and newest CVEs with their PoC.

Offensive Security

Offensive Security YouTube channel.

Damn Vulnerable Bank

A vulnerable Android application with an interface to test your mobile hacking skills.

BugBountyHunting

Search Bug Bounty writeups easily.

DEFCON

One of the world’s most prominent and well-known computer security conferences.

GTFOBins

Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

GTFOArgs

Unix binaries that can be manipulated for argument injection.

LOOBins

Living Off the Orchard: macOS Binaries.

Seela

Boost the cybersecurity skills of your teams with the cyber knowledge library.

Fresh Resolvers

List of fresh DNS resolvers updated every 12h.

c{api}tal

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

nuclei-wordfence-cve

Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.

Awesome-CobaltStrike

List of awesome CobaltStrike resources.

The Wordlists

A collection of wordlists for many different usages.

CTFd

A Capture The Flag framework focusing on ease of use and customizability.

awesome-cve-poc

A collection of proofs of concept for Common Vulnerabilities and Exposures.

reapoc

Open-source PoC and vulnerable-target storage box.

TryHackMe

Hands-on cyber security training through real-world scenarios.

DVWA

Damn Vulnerable Web Application.

Hack The Box

Massive hacking playground, and infosec community.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

VulnHub

Provides materials that allow anyone to gain practical 'hands-on' experience in security.

WebGoat

Deliberately insecure application.

bWAPP

An extremely buggy web application!

Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

windows-kernel-exploits

A list of Windows kernel exploits.

Awesome BugBounty Writeups

A curated list of bug bounty writeups (organized by bug type).

Bug Bounty Reference

A list of Bug Bounty writeups categorized by the nature of the bug.

Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

h1-search

Request the public disclosures on a specific HackerOne program.

Yoga

Your OSINT Graphical Analyzer.

OWASP

A nonprofit foundation that works to improve the security of software.

PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

DefaultPassword

Default passwords database sorted by manufacturers.

Hacker101

A free class for web security.

Exploitalert

Exploits found on the INTERNET.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

Burp Extender API

Burp Extender API.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

Default Credentials Cheat Sheet

One place for all the default credentials to assist in finding devices with default passwords.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.