Links

An attempt to sort stuff in different categories

Browsers / Browser extensions

• https://github.com/fransr/postMessage-tracker

Bugbounty

• https://github.com/EdOverflow/bugbounty-cheatsheet
• https://github.com/arkadiyt/bounty-targets-data
• https://github.com/ngalongc/bug-bounty-reference
• https://github.com/streaak/keyhacks
• https://github.com/nahamsec/lazys3

Burp

• https://github.com/putsi/privatecollaborator
• https://github.com/vulnersCom/burp-vulners-scanner.git
• https://github.com/PortSwigger/hackability
• https://github.com/PortSwigger/turbo-intruder

Cloud

AWS

• https://github.com/RhinoSecurityLabs/pacu
• https://github.com/aws-samples/ec2-classic-resource-finder

Azure

• ??

Crypto

• https://github.com/ciphey/ciphey
• https://github.com/dariusztytko/jwt-key-id-injector
• https://github.com/dariusztytko/token-reverser
• https://github.com/brendan-rius/c-jwt-cracker
• https://github.com/nccgroup/featherduster
• https://github.com/g2jun/RC4-Python

Decompilers

Java

• https://github.com/leibnitz27/cfr

Dorking

Github

• https://github.com/techgaun/github-dorks

Google

• https://github.com/JohnTroony/Google-dorks/

Shodan

• https://github.com/jakejarvis/awesome-shodan-queries

Frida

• https://github.com/0xdea/frida-scripts
• https://github.com/as0ler/frida-scripts
• https://github.com/iddoeldor/frida-snippets
• https://github.com/interference-security/frida-scripts
• https://github.com/rubaljain/frida-jb-bypass
• https://gitlab.com/roxanagogonea/frida-scripts.git

Fuzzing

• https://github.com/ffuf/ffuf
• https://github.com/0verpwn/Fuzzing
• https://github.com/Darkkey/erlamsa
• https://github.com/Darkkey/erlserial.git
• https://github.com/attekett/NodeFuzz
• https://github.com/sxcurity/theftfuzzer
• https://github.com/OJ/gobuster.git
• https://github.com/google/honggfuzz
• https://github.com/iljavs/sctpfuzz
• https://github.com/iljavs/tcpfuzz
• https://isic.sourceforge.net/
• https://github.com/AFLplusplus/AFLplusplus

Hardware

Wireless

• https://github.com/RCayre/mirage

Bluetooth/BLE

• https://github.com/virtualabs/btlejack
• https://github.com/nccgroup/BLE-Replay
• https://github.com/nccgroup/BLESuite
• https://github.com/greatscottgadgets/ubertooth

Hydrabus

• https://github.com/hydrabus/DumpFlash-Hydrabus

Proxmark / RFID

• https://github.com/rfidresearchgroup/proxmark3
• https://lab401.com/blogs/academy/know-your-magic-cards

SDR

• https://iqengine.org/

Mobile

• https://github.com/randorisec/MobileHackingCheatSheet
• https://github.com/ptswarm/reFlutter
• https://github.com/randorisec/MobileHackingCheatSheet
• https://github.com/dpnishant/appmon

Android

• https://www.github.com/maaaaz/androwarn
• https://github.com/1d8/Android-Analysis
• https://github.com/B3nac/InjuredAndroid
• https://github.com/sensepost/objection
• https://github.com/shroudedcode/apk-mitm
• https://github.com/ndelphit/apkurlgrep
• https://github.com/oversecured/ovaa

iOS

• https://github.com/AloneMonkey/frida-ios-dump
• https://github.com/mwrlabs/needle.git
• https://github.com/FSecureLABS/needle-agent
• https://github.com/KJCracks/Clutch
• https://github.com/DerekSelander/dsdump
• https://github.com/sensepost/objection
• https://github.com/bhagyas/app-urls
• https://github.com/faffi/ioscachedump
• https://github.com/ivRodriguezCA/RE-iOS-Apps
• https://github.com/ptoomey3/Keychain-Dumper
• https://github.com/stefanesser/dumpdecrypted
• https://github.com/ouspg/urlhandlers
• https://github.com/ijoshsmith/swift-deep-linking
• https://github.com/NyaMisty/fouldecrypt
• https://github.com/Moonisky/NibFileViewer

Xamarin

• https://github.com/securitygrind/lz4_decompress
• https://github.com/xamarin/xamarin-forms-samples

Passwords etc.

• https://github.com/magnumripper/JohnTheRipper
• https://github.com/netbiosX/Default-Credentials

Payloads etc.

• https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
• https://github.com/7ioSecurity/XSS-Payloads.git
• https://github.com/danielmiessler/SecLists.git
• https://github.com/jvesiluoma/wordlists
• https://github.com/jvesiluoma/WeirdMiscScripts
• https://github.com/cujanovic/Markdown-XSS-Payloads
• https://github.com/foospidy/payloads.git
• https://github.com/swisskyrepo/PayloadsAllTheThings
• https://github.com/payloadbox/command-injection-payload-list
• https://github.com/payloadbox/xss-payload-list
• https://github.com/ptswarm/ptswarm-twitter
• https://github.com/pwntester/ysoserial.net
• https://github.com/fuzzdb-project/fuzzdb.git
• https://github.com/mattias-ohlsson/eicar-standard-antivirus-test-files
• https://github.com/damianrusinek/zip-bomb
• https://github.com/SecWiki/windows-kernel-exploits
• https://github.com/quentinhardy/scriptsAndExploits
• https://github.com/akiraaisha/PNG-IDAT-chunks
• https://github.com/alcuadrado/hieroglyphy
• https://github.com/chinarulezzz/pixload
• https://github.com/tengzhangchao/Struts2_045-Poc.git
• https://github.com/quentinhardy/scriptsAndExploits
• https://github.com/FireFart/W3TotalCacheExploit.git
• https://github.com/0xSobky/HackVault
• https://github.com/catalyst256/Netscaler-Cookie-Decryptor
• https://github.com/ianare/exif-samples
• https://github.com/pentestmonkey/php-reverse-shell
• https://github.com/neex/gifoeb
• https://github.com/psmet/BIGip-cookie-decoder
• https://github.com/joaomatosf/jexboss
• https://github.com/mzer0one/CVE-2020-7961-POC
• https://github.com/chvancooten/OSEP-Code-Snippets/
• https://github.com/yassineaboukir/CVE-2018-0296.git
• https://github.com/shaunmclernon/ghostcat-verification

Recon / Scanners / tools / etc.

• https://github.com/Ullaakut/cameradar
• https://github.com/0xn0ne/weblogicScanner
• https://github.com/0x25/pyScan
• https://github.com/C0RB3N/subjs
• https://github.com/zxgio/r2-cheatsheet
• https://github.com/blechschmidt/massdns
• https://github.com/brandonskerritt/RustScan
• https://github.com/tomnomnom/waybackurls
• https://github.com/ozguralp/gmapsapiscanner/
• https://github.com/google/tsunami-security-scanner
• https://github.com/gelim/censys
• https://github.com/christophetd/censys-subdomain-finder
• https://github.com/dark-warlord14/LinkFinder
• https://github.com/anshumanbh/tko-subs
• https://github.com/maK-/parameth
• https://github.com/WebBreacher/tilde_enum
• https://github.com/eth0izzle/bucket-stream
• https://github.com/fgeek/pyfiscan
• https://github.com/quentinhardy/odat
• https://gitlab.com/dee-see/graphql-path-enum
• https://leakix.net/graph

Git / SVN / others

• https://github.com/Plazmaz/leaky-repo
• https://github.com/zricethezav/gitleaks
• https://github.com/anantshri/svn-extractor.git
• https://github.com/m4ll0k/SecretFinder.git

Reverse-engineering

• https://github.com/Col-E/Recaf
• https://github.com/zxgio/r2-cheatsheet

Shells etc.

• https://github.com/jpillora/chisel
• https://github.com/xct/xc

SSH

• https://github.com/atthorst/sshd-mina-example
• https://github.com/keathmilligan/sshdtest
• https://github.com/rapid7/ssh-badkeys/

TLS/SSL/and then some

• https://github.com/tls-attacker/TLS-Attacker
• https://github.com/drwetter/testssl.sh
• https://github.com/mozilla/cipherscan

vim <3

• https://github.com/amix/vimrc
• https://github.com/whatyouhide/vim-gotham

WWW- External resources

• https://m0chan.github.io/
• https://code-byter.com/

Training targets / Writeups / Documents

• https://github.com/dogangcr/vulnerable-sso
• https://github.com/GrrrDog/ZeroNights-HackQuest-2016.git
• https://github.com/infosecn1nja/AD-Attack-Defense
• https://github.com/r0eXpeR/redteam_vul
• https://github.com/n3k/Pentest
• https://github.com/fireeye/red_team_tool_countermeasures
• https://github.com/whoisflynn/OSCP-Exam-Report-Template

NOT SORTED YET

https://github.com/Arno0x/DNSExfiltrator
https://github.com/DeepakPawar95/cswsh
https://github.com/Ganapati/RsaCtfTool
https://github.com/IOActive/RepoSsessed
https://github.com/KathanP19/JSFScan.sh
https://github.com/MindPointGroup/cloudfrunt
https://github.com/NickstaDB/DeserLab
https://github.com/Smaash/snitch
https://github.com/SpiderLabs/Nmap-Tools.git
https://github.com/abhi-r3v0/Adhrit
https://github.com/andresriancho/enumerate-iam
https://github.com/andresriancho/nimbostratus.git
https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration
https://github.com/arch4ngel/simple_https_server
https://github.com/atomicbird/momdec
https://github.com/christophetd/CloudFlair
https://github.com/codingo/Interlace.git
https://github.com/cujanovic/SSRF-Testing/
https://github.com/cure53/HTTPLeaks
https://github.com/danielebailo/couchdb-dump
https://github.com/dariusztytko/token-reverser
https://github.com/defparam/h1passets
https://github.com/diego-treitos/linux-smart-enumeration
https://github.com/disclose/disclose
https://github.com/dxa4481/XSSJacking.git
https://github.com/epinna/tplmap.git
https://github.com/erlang/rebar3.git
https://github.com/gehaxelt/Python-dsstore
https://github.com/hakimel/reveal.js
https://github.com/iagox86/dnscat2.git
https://github.com/infosec-au/altdns.git
https://github.com/j0bin/Pentest-Resources
https://github.com/j3ssie/IPOsint
https://github.com/jmortega/osint_tools_security_auditing
https://github.com/jordanpotti/AWSBucketDump
https://github.com/lich4/personal_script
https://github.com/mandatoryprogrammer/cloudflare_enum
https://github.com/mandatoryprogrammer/xssless.git
https://github.com/maurosoria/dirsearch
https://github.com/mazen160/GithubCloner.git
https://github.com/mhmdiaa/web-events
https://github.com/misterch0c/twitterBFTD
https://github.com/mncoppola/rpef
https://github.com/msantos/procket.git
https://github.com/mthbernardes/rsg
https://github.com/nahamsec/JSParser
https://github.com/onelogin/python3-saml
https://github.com/openstack/bandit
https://github.com/phishai/idn_generator
https://github.com/pingidentity/pingidentity-docker-builds
https://github.com/ptoomey3/evilarc
https://github.com/quarkslab/AERoot
https://github.com/rebootuser/LinEnum
https://github.com/rgerganov/xxe-example
https://github.com/saleyn/erlexec
https://github.com/samyk/quickjack
https://github.com/smicallef/spiderfoot
https://github.com/sp1d3r/swf_json_csrf/
https://github.com/stevenvachon/broken-link-checker
https://github.com/swisskyrepo/GraphQLmap
https://github.com/swisskyrepo/SSRFmap
https://github.com/sxcurity/230-OOB
https://github.com/tarunkant/Gopherus
https://github.com/ucsb-seclab/BootStomp
https://github.com/vulnersCom/nmap-vulners
https://github.com/vysec/CloudFrontHijacks