A list of useful payloads and bypass for Web Application Security and Pentest/CTF

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

Source code for Hacker101.com - a free online web and mobile security class.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Collection of methodology and test case for various web vulnerabilities.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

A list of web application security

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

All about bug bounty (bypasses, payloads, and etc)

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Open Source Vulnerability Management Platform

Gather and update all available and newest CVEs with their PoC.

serve as a reverse proxy to protect your web services from attacks and exploits.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

Advanced vulnerability scanning with Nmap NSE

🎯 Command Injection Payload List

This repository contains the scanner component for Greenbone Community Edition.