1076 Open source projects that are alternatives of or similar to HolyTips

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Good resources about web security that I have read.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

CloudFlare Checker written in Go

A tool to test security of json web token

Pentest/BugBounty progress control with scanning modules

Automated Red Team Infrastructure deployement using Docker

Powerfull XSS Scanning and Parameter analysis tool&gem

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

This challenge is Inon Shkedy's 31 days API Security Tips.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Full Nuclei automation script with logic explanation.

Yet Another PHP Shell - The most complete PHP reverse shell

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Dockerized ASP.NET Core Web API app in Heroku

An automated approach to performing recon for bug bounty hunting and penetration testing.

BugBounty_CheatSheet

🎯 Server Side Template Injection Payloads

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Tool for catching and logging different types of requests.

The ONLY hacker friendly proxy for webapp pentests.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Related subdomains finder

Turn your VPS into an attack box

Pentest: Subdomains enumeration tool for penetration testers.

Find exploits in local and online databases instantly

A Tool for Domain Flyovers

Misc. Public Reports of Penetration Testing and Security Audits.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

PHP Security Check List [ EN ] 🌋 ☣️

A fast DOM based XSS vulnerability scanner with simplicity.

Pentest/BugBounty progress control with scanning modules

DNS hijacking via dead records automation tool

🎯 XML External Entity (XXE) Injection Payload List

渗透测试☞经验/思路/总结/想法/笔记

🎯 SQL Injection Payload List

Tutorials and Things to Do while Hunting Vulnerability.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Penetration tests guide based on OWASP including test cases, resources and examples.

Framework for rapid development and reusable of security tools

🎯 RFI/LFI Payload List

RFD Checker - security CLI tool to test Reflected File Download issues

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Common Web Managers Fuzz Wordlists

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

The meta-framework suite designed from scratch for frontend-focused modern web development.

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Memories which vanish

A Blockchain Management System, powered by bcoin

An image classification app boilerplate to serve your deep learning models asap!

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

🇺🇦 React wrapper for FlagKit Flag Icons