Automated NoSQL database enumeration and web application exploitation tool.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

The Offensive Manual Web Application Penetration Testing Framework.

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

🎯 XML External Entity (XXE) Injection Payload List

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

🎯 RFI/LFI Payload List

A cross-platform python based utility for information gathering and penetration testing automation!

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

Second-order subdomain takeover scanner

List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity

A Security Tool for Enumerating WebSockets

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

✂️ Removing CDN IPs from the list of IP addresses

PHP Security Check List [ EN ] 🌋 ☣️

Awesome information for WebSockets security research

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist