A curated list of awesome Python frameworks, libraries, software and resources

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Capture The Flag | HackTheBox | OSCP | Bug Bounty Hunting | Jobs

🌐Collate and develop network security, Hackers technical documentation and tools, code.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

A collection of open source and commercial tools that aid in red team operations.

Bypass WAF SQL Injection

Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)

XRay is a tool for recon, mapping and OSINT gathering from public networks.

Dark Web OSINT Tool

This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes through your Burpsuite instance will be replicated in the hi…

📱 Wire for iOS (iPhone and iPad)

Web and mobile application security training platform

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

Burp Suite Extension to monitor new scope

📱 objection - runtime mobile exploration

Apple BLE research

A collection of android security related resources

A curated list of awesome malware analysis tools and resources.

Popular Android threats in 2019

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Burp Extension for AWS Signing

A Python Framework For NoSQL Scanning and Exploitation

A static analysis security vulnerability scanner for Ruby on Rails applications

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Burp extension helps in finding blind xss vulnerabilities

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

NodeJsScan is a static security code scanner for Node.js applications.