Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A collection of design patterns/idioms in Python
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
Top disclosed reports from HackerOne
Flaskr: Intro to Flask, Test-Driven Development (TDD), and JavaScript
Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
An intentionally designed broken web application based on REST API.
🐋 Ansible playbook which helps you host various FOSS services as Docker containers on your own server
A hacking tool for bug bounties. Sharing and modifying is encouraged!
Remarkable Markdown Debian Package Fix
A powerful pentesting tool for proactive detection and exploitation of dependency confusion vulnerabilities in Node.js projects. Enhance your security assessments and protect against potential atta…
Antabuse-123 / Gopherus
Forked from tarunkant/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Black Hat Python, 2nd Edition - Justin Seitz & Tim Arnold