Identify technology on websites.

w3af: web application attack and audit framework, the open source web vulnerability scanner.

The Magic Mask for Android

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

HTML5 website template

A collaborative list of awesome proxy servers and resources. Feel free to contribute!

Automated pentest framework for offensive security experts

Automated Adversary Emulation

Curated list of design and UI resources from stock photos, web templates, CSS frameworks, UI libraries, tools and much more

Moloch is an open source, large scale, full packet capturing, indexing, and database system.

A static analyzer for Java, C, C++, and Objective-C

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to…

Binary instrumentation framework based on FRIDA

Get your hands dirty.

Run your own recursive DNS resolver

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

A completely free, open source and online course about Reverse Engineering iOS Applications.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

A polyglot payload generator

Prospect is an Outlook mail desktop client powered by Electron

Advanced information gathering & OSINT framework for phone numbers

A hosted disposable email telegram bot; Extremely privacy friendly; Proudly hosted for community.

GPL licenced Android Expense Tracking App

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate-limit!)

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.