Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.

Automatic Enumeration Tool based in Open Source tools

Contextual Content Discovery Tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Prototype Pollution and useful Script Gadgets

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

nodejsscan is a static security code scanner for Node.js applications.

Prototype Pollution Scanner

The all-in-one browser extension for offensive security professionals 🛠

SQL Injection Exploitation Tool

jSQL Injection is a Java application for automatic SQL database injection.

Automatic SQL injection and database takeover tool

Windows Local Privilege Escalation from Service Account to System

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

Linux enumeration tool for pentesting and CTFs with verbosity levels

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Linux privilege escalation auditing tool

Scripted Local Linux Enumeration & Privilege Escalation Checks

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Active Directory and Internal Pentest Cheatsheets

Hunt down social media accounts by username across social networks

hydra

Most advanced XSS scanner.

🎯 Command Injection Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…