OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Automatic SQL injection and database takeover tool

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Web Pentesting Fuzz 字典,一个就够了。

Web path scanner

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

hydra

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Attack Surface Management Platform

A swiss army knife for pentesting networks

A collection of hacking tools, resources and references to practice ethical hacking.

The Official Bash Bunny Payload Repository

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Phishing Tool & Information Collector

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

The Official USB Rubber Ducky Payload Repository

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet