Stars
Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
A curated list of resources for blockchain engineers
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
OSX and iOS related security tools
A curated list of the most common and most interesting robots.txt disallowed directories.
Plazmaz / Sublist3r
Forked from aboul3la/Sublist3r
Fast subdomains enumeration tool for penetration testers
A guide to smart contract security best practices
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
SSRF (Server Side Request Forgery) testing resources
Manage applets and keys on JavaCard-s like a pro 🌐 🔐
A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
Collection of the most common vulnerabilities found in iOS applications
🐶 A curated list of Web Security materials and resources.
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…
A collection of various awesome lists for hackers, pentesters and security researchers
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
A collection of all the lists, scripts and techniques I use while doing web application penetration tests.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.
Tools for auditing WAFs
SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
ReflectShield is a simple to use, ruleless IDS/IPS, against reflected XSS and SQL injection attacks