• Stars
    star
    148
  • Rank 249,983 (Top 5 %)
  • Language
  • Created over 3 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

eWPT Preparation by Joas

Recon and Enumeration Domain

https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6

https://medium.com/qualityholics/ewpt-exam-review-tips-8a4d9cebf5f9

https://elearnsecurity.com/uncategorized/pentesting-101-fingerprinting-continued/

https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html

https://www.youtube.com/watch?v=TmK0Zpggz48&ab_channel=SemiYulianto

https://www.youtube.com/watch?v=d8zwXxixz5Y&ab_channel=HacktifyCyberSecurity

https://resources.infosecinstitute.com/topic/how-to-create-a-subdomain-enumeration-toolkit/

https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/recon-and-osint/subdomain-enumeration

https://spyse.com/blog/information-gathering/how-to-find-subdomains-instantly

https://book.hacktricks.xyz/external-recon-methodology

https://github.com/KingOfBugbounty/KingOfBugBountyTips

https://www.youtube.com/watch?v=amihlWTtkMA&ab_channel=Nahamsec

https://www.youtube.com/watch?v=o8L2nweiF1s&ab_channel=InsiderPhD

https://medium.com/@ehsahil/recon-my-way-82b7e5f62e21

https://portswigger.net/blog/finding-your-first-bug-bounty-hunting-tips-from-the-burp-suite-community

https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/

https://www.infosecmatter.com/bug-bounty-tips/

https://hackbotone.medium.com/10-recon-tools-for-bug-bounty-bafa8a5961bd

https://www.youtube.com/watch?v=Hnz1d4WmD5Y&ab_channel=HackerSploit

https://www.youtube.com/watch?v=bewbdPvs_g8&ab_channel=Conda

Social Networks

https://www.linkedin.com/in/joas-antonio-dos-santos/

Wordpress Attacks and Other CMS Vulnerability

https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress

https://securityboulevard.com/2020/03/penetration-testing-for-wordpress-websites/

https://www.getastra.com/blog/security-audit/wordpress-penetration-testing/

https://deliciousbrains.com/wordpress-penetration-testing/

https://hackertarget.com/attacking-wordpress/

https://secure.wphackedhelp.com/blog/wordpress-security-tips-2019/

https://github.com/timashana/WordPress-Pentesting

https://github.com/jguerrero12/WordPress-Pentesting

https://github.com/whuang8/wordpress-pentests

https://github.com/magnimusprime/WordPress-Pentesting

https://www.infosecmatter.com/cms-vulnerability-scanners-for-wordpress-joomla-drupal-moodle-typo3/

https://www.acunetix.com/vulnerability-scanner/cms-vulnerability-scanner/

https://linuxsecurity.expert/security-tools/cms-vulnerability-scanners

https://medium.com/@rohitaher023/what-is-a-cms-vulnerability-scanner-and-what-is-its-need-for-security-5aef8d10227b

https://github.com/gajos112/OSCP/blob/master/CMS%20Vulnerability%20Scanners

BurpSuite

https://portswigger.net/burp/documentation/desktop/penetration-testing

https://www.youtube.com/watch?v=N-IKHmGjf2c&ab_channel=Bugcrowd

https://www.youtube.com/watch?v=G3hpAeoZ4ek&ab_channel=JohnHammond

https://www.youtube.com/watch?v=_XUQ7etMCT8&ab_channel=TutorialsPoint%28India%29Ltd.

https://www.youtube.com/watch?v=h2duGBZLEek&ab_channel=Bugcrowd

https://www.youtube.com/watch?v=Chql4bNE6_g&ab_channel=CyberFrat

https://www.youtube.com/watch?v=57559arUG3c&ab_channel=PortSwigger

https://www.youtube.com/watch?v=cyWmZ2WgnEE

https://www.youtube.com/watch?v=c0h3aciBIyQ&ab_channel=Vicky%27sBlog

https://www.youtube.com/watch?v=mibKttwhbRk&ab_channel=InsiderPhD

https://www.youtube.com/watch?v=iG7003AC8ys&ab_channel=webpwnized

https://www.youtube.com/watch?v=oWRseGm-a6I&ab_channel=KacperSzurekEN

https://www.youtube.com/watch?v=-6uPHcLj4oU&ab_channel=Hacksplained

https://portswigger.net/blog/20-burp-suite-tips-from-the-burp-user-community

ClickJacking Attacking

https://owasp.org/www-community/attacks/Clickjacking

https://portswigger.net/web-security/clickjacking

https://www.hacksplaining.com/prevention/click-jacking

https://resh.com.br/blog/realizando-bypass-no-cabecalho-x-frame-options/

https://auth0.com/blog/preventing-clickjacking-attacks/

https://www.synopsys.com/glossary/what-is-clickjacking.html

https://www.youtube.com/watch?v=jcp5t8PsMsY&ab_channel=HackerOne

https://www.youtube.com/watch?v=Pdc5KJfOQpI&ab_channel=Hacksplaining

https://www.youtube.com/watch?v=FEflwAIlLmg&ab_channel=Gomahamaya

https://www.youtube.com/watch?v=mso5FSWEtdo&ab_channel=VERILOGCOURSETEAM

https://www.youtube.com/watch?v=LEdwUGsffwY&ab_channel=MichaelSommer

https://www.youtube.com/watch?v=Zm1lQAQOqJ0&ab_channel=MichaelSommer

Session Hijacking

https://owasp.org/www-community/attacks/Session_hijacking_attack

https://www.youtube.com/watch?v=fxrCJNQ96Kg&ab_channel=intrigano

https://www.youtube.com/watch?v=OriuOtSCUpo&ab_channel=MarcosHenrique

https://www.youtube.com/watch?v=sqMCPxwzIf8&ab_channel=PluralsightIT-TrainingArchive

https://us.norton.com/internetsecurity-id-theft-session-hijacking.html

https://www.venafi.com/blog/what-session-hijacking

https://www.imperva.com/learn/application-security/session-hijacking/

https://www.globalsign.com/en/blog/session-hijacking-and-how-to-prevent-it

https://motilia.com/-/session-hijacking-xss-csrf

https://medium.com/stolabs/stored-xss-session-hijacking-20faf069ef4

https://www.youtube.com/watch?v=wbgOzImzAfg&ab_channel=D4RKR0N

https://www.youtube.com/watch?v=HQdCgooETXw&ab_channel=InfiniteLogins

https://www.youtube.com/watch?v=nJrH7HaiMPI&ab_channel=HackingTeacher

https://www.agiratech.com/xss-csrf-and-session-hijacking

FingerPrinting

https://pentestlab.blog/2012/08/01/web-application-fingerprinting/

https://pentestlab.files.wordpress.com/2012/11/automated-web-application-fingerprinting.pdf

https://www.youtube.com/watch?v=_k9Bsppz4A8&ab_channel=TheHacktivists

https://www.youtube.com/watch?v=_k9Bsppz4A8&ab_channel=TheHacktivists

https://www.youtube.com/watch?v=8WrluFRoJhs&ab_channel=BlackHat

https://null-byte.wonderhowto.com/how-to/fingerprint-web-apps-servers-for-better-recon-more-successful-hacks-0302807/

https://www.m2sys.com/blog/cloud-computing/three-ways-of-biometric-authentication-in-web-application/

https://www.youtube.com/watch?v=PAPaGTFSXK4&ab_channel=TheHacktivists

SQL Injection & Types and SQLMap

https://www.geeksforgeeks.org/authentication-bypass-using-sql-injection-on-login-page/#:~:text=SQL%20injection%20is%20a%20technique,that%20might%20destroy%20your%20database.

https://sechow.com/bricks/docs/login-1.html

https://portswigger.net/support/using-sql-injection-to-bypass-authentication

https://www.youtube.com/watch?v=RXBlTgsawdI&ab_channel=CyberSecurityTV

https://www.youtube.com/watch?v=b4Wn0n6LBcM&ab_channel=shadsluiter

https://www.youtube.com/watch?v=6O4NuKA0pSI&ab_channel=zSecurity

https://www.devmedia.com.br/sql-injection-em-ambientes-web/9733

https://www.guru99.com/learn-sql-injection-with-practical-example.html

http://www.securityidiots.com/Web-Pentest/SQL-Injection/bypass-login-using-sql-injection.html

https://www.sqlinjection.net/login/

https://owasp.org/www-community/attacks/Blind_SQL_Injection

https://portswigger.net/web-security/sql-injection/blind

https://www.netsparker.com/blog/web-security/how-blind-sql-injection-works/

https://infosecwriteups.com/out-of-band-oob-sql-injection-87b7c666548b

https://www.acunetix.com/blog/articles/sqli-part-6-out-of-band-sqli/

https://www.youtube.com/watch?v=soPDfYl2Ef8&ab_channel=RanaKhalil

https://www.youtube.com/watch?v=6Ei7wX1cp5k&ab_channel=RanaKhalil

https://www.youtube.com/watch?v=KOaDan0UqFs&ab_channel=RanaKhalil

https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band

https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/out-of-band-sql-injection/

CSRF

https://www.youtube.com/watch?v=HTgyif6u5RY&ab_channel=RanaKhalil

https://cobalt.io/blog/a-pentesters-guide-to-cross-site-request-forgery-csrf

https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery

https://www.youtube.com/watch?v=dMwxIHIabeg&ab_channel=TutorialsPoint%28India%29Ltd.

https://www.youtube.com/watch?v=TwG0Rd0hr18&ab_channel=HackerSploit

https://www.veracode.com/security/cross-site-request-forgery-guide-learn-all-about-csrf-attacks-and-csrf-protection

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery

https://portswigger.net/support/using-burp-to-test-for-cross-site-request-forgery

https://www.rapid7.com/blog/post/2020/11/19/this-one-time-on-a-pen-test-csrf-to-password-reset-phishing/

https://corneacristian.medium.com/top-25-csrf-bug-bounty-reports-ffb0b61afa55

https://www.youtube.com/watch?v=ImqLlFMQrwQ&ab_channel=TheXSSrat

https://www.youtube.com/watch?v=ULvf6N8AL2A&ab_channel=InsiderPhD

Crawling and Spidering

https://www.screamingfrog.co.uk/seo-spider/

https://medium.com/@marlessonsantana/utilizando-o-scrapy-do-python-para-monitoramento-em-sites-de-not%C3%ADcias-web-crawler-ebdf7f1e4966

https://www.webfx.com/blog/internet/what-is-a-web-crawler/

https://www.octoparse.com/DataCrawler

https://www.screamingfrog.co.uk/crawl-javascript-seo/

https://www.parsehub.com/blog/web-scraping-vs-web-crawling/

https://www.youtube.com/watch?v=Kw3m37ebxmQ&ab_channel=HackerSploit

https://securityonline.info/not-your-average-web-crawler-web-crawler-for-bug-hunting/

http://mateslab.weebly.com/web-crawler-security-tool.html

https://pentestmag.com/startup-new-kind-web-crawler/

https://hakluke.medium.com/introducing-hakrawler-a-fast-web-crawler-for-hackers-ff799955f134

Reviews

https://medium.com/@unt0uchable1/elearnsecurity-ewpt-review-and-tips-72f955f3670

https://sorsdev.com/2021/04/18/elearnsecuritys-ewpt-exam-review/

https://h0mbre.github.io/eWPT/

https://www.linkedin.com/pulse/como-tirei-certifica%C3%A7%C3%A3o-ewpt-review-iran-macedo/?trk=read_related_article-card_title&originalSubdomain=pt

https://kentosec.com/2020/06/25/elearnsecurity-web-application-penetration-tester-ewpt-review/

https://www.reddit.com/r/AskNetsec/comments/6fwthl/elearnsecuritys_ewpt/

https://cinzinga.com/eWPT-WAPT/

https://www.youtube.com/watch?v=cOH7IYhbVPA&ab_channel=WilsonSecurityGroup

https://bestestredteam.com/2019/05/16/elearnsecuritys-web-application-penetration-tester-review/

https://thomfre.dev/elearnsecurity-web-application-pentester

https://www.doyler.net/security-not-included/ewpt-exam

https://www.youtube.com/watch?v=FhIOeXMWWCw&ab_channel=WilsonSecurityGroup

https://medium.com/cybersecpadawan/elearnsecurity-ewpt-certification-b7592bfc70af

https://www.linkedin.com/pulse/overview-da-certifica%C3%A7%C3%A3o-ewpt-elearning-web-tester-dos-santos/?originalSubdomain=pt

https://github.com/h0mbre/h0mbre.github.io/blob/master/_posts/2019-04-15-eWPT.md

https://github.com/h0mbre/h0mbre.github.io/blob/master/_posts/2019-08-03-Security-Certifications-And-Fun.md

https://github.com/IgorSasovets/web-security-learning-resources

https://sorsdev.com/2021/04/24/elearnsecuritys-ewpt-tips-tricks/

https://medium.com/@klockw3rk/elearnsecurity-web-application-penetration-testing-course-wapt-ewpt-2f7480120b8e

https://veteransec.com/2018/12/22/my-elearnsecurity-experience-part-1-wapt/

Web Application Fundamentals

https://pt.wikipedia.org/wiki/Cross-origin_resource_sharing#:~:text=Cross%2DOrigin%20Resource%20Sharing%20ou,o%20recurso%20que%20ser%C3%A1%20recuperado.

https://developer.mozilla.org/pt-BR/docs/Web/HTTP/CORS

https://www.youtube.com/watch?v=af5RI6bLkyw&ab_channel=SoftwareEngineeringInstitute%7CCarnegieMellonUniversity

https://www.youtube.com/watch?v=h-WtIT6gCBk&ab_channel=TheTechCave

https://www.freecodecamp.org/news/secure-your-web-application-with-these-http-headers-fd66e0367628/

https://help.deepsecurity.trendmicro.com/20_0/on-premise/http-security-headers.html#:~:text=Security%20headers%20are%20directives%20used,Cross%2DSite%20Scripting%20or%20Clickjacking.

https://www.netsparker.com/blog/web-security/http-security-headers/

https://owasp.org/www-project-secure-headers/

https://www.smashingmagazine.com/2017/04/secure-web-app-http-headers/

https://www.youtube.com/watch?v=CFzgKfnmG-Q&ab_channel=PrettyPrinted

https://www.youtube.com/watch?v=9dT0FSH-aGQ&ab_channel=CodingTech

https://www.youtube.com/watch?v=eesqK59rhGA&ab_channel=TheTechCave

https://rapidapi.com/blog/api-glossary/http-request-methods/

https://code-maze.com/http-series-part-1/

XSS and BeeF

https://github.com/boku7/XSS-Clientside-Attacks

https://github.com/Naategh/PyCk/tree/master/Web

https://medium.com/bugbountywriteup/file-upload-xss-patched-83ea55bb9a55

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting

https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html

https://www.aptive.co.uk/blog/xss-cross-site-scripting/

https://labs.nettitude.com/blog/cross-site-scripting-xss-payload-generator/

https://cobalt.io/blog/a-pentesters-guide-to-cross-site-scripting-xss

https://xss.js.org/#/

https://www.researchgate.net/figure/Classification-of-XSS-payloads-exemplified_fig4_220622661

https://xsshunter.com/features

https://www.cin.ufpe.br/~tg/2009-2/agsj.pdf

ftp://ftp.registro.br/pub/gts/gts33/tutorial/A7%20-%20Cross-Site%20Scripting.pdf

http://www.inf.ufsc.br/~bosco.sobral/ensino/ine5680/material-seg-redes/Serie%20Ataques-RedeSegura-XSS.pdf

http://prlalmeida.com.br/anteriores/ArqRefNegocios/Aula%2054%20-%20Cross%20Site%20Scripting.pdf

https://www.enacomp.com.br/2017/docs/analise-vulnerabilidade_xss_apps_web.pdf

https://owasp.org/www-pdf-archive//OWASPTop10XSSLongIsland.pdf

https://owasp.org/www-community/Types_of_Cross-Site_Scripting

https://owasp.org/www-community/attacks/xss/

https://portswigger.net/web-security/cross-site-scripting

https://www.acunetix.com/websitesecurity/xss/

https://www.veracode.com/security/xss

https://blog.detectify.com/2019/03/15/what-are-the-different-types-of-xss/

Vulnerability Analysis

https://www.youtube.com/watch?v=Uv6Idf5ZB9c&ab_channel=MotasemHamdan

https://www.youtube.com/watch?v=KeSUiCr-WGo&ab_channel=webpwnized

https://www.youtube.com/watch?v=pPU2XTFyRmU&ab_channel=denimgroup

https://www.youtube.com/watch?v=wLfRz7rRsH4&ab_channel=CyberSecurityTV

https://mediaspace.regis.edu/media/OWASP+ZAP+Overview+For+Website+Vulnerability+Scanning/1_zpnvcxvx

https://www.youtube.com/watch?v=YTs8GF2eaA0&ab_channel=ParagDhali

https://www.youtube.com/watch?v=_MmDWenz-6U&ab_channel=OracleDevelopers

https://portswigger.net/burp/documentation/desktop/scanning

https://www.youtube.com/watch?v=VP9eQhUASYQ&ab_channel=PortSwigger

https://www.youtube.com/watch?v=W0O53inMaIY&ab_channel=webpwnized

https://www.youtube.com/watch?v=1HDC6fKsKYE&ab_channel=NullByte

https://www.youtube.com/watch?v=X3BGO9U8zuU&ab_channel=CalebBucker

https://github.com/poerschke/Uniscan

https://github.com/We5ter/Scanners-Box

https://github.com/skavngr/rapidscan

User Enumeration and Brute Force & Bypass Attack

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account

https://www.kaspersky.com/blog/username-enumeration-attack/34618/

https://www.vaadata.com/blog/user-enumerations-on-web-applications/

https://www.triaxiomsecurity.com/common-web-application-vulnerabilities-username-enumeration/

https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-subtly-different-responses

https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses

https://www.youtube.com/watch?v=fP0VVzPI4jQ&ab_channel=Hacksplaining

https://www.youtube.com/watch?v=WCO7LnSlskE&ab_channel=SubhankarAdhikary

https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-response-timing

https://www.youtube.com/watch?v=ZUKvet_BsoY&ab_channel=ITProTV

https://www.youtube.com/watch?v=cL9NsXpUqYI&ab_channel=HackerSploit

https://www.youtube.com/watch?v=_-0JKW3U0aU&ab_channel=SathvikTechtuber

https://www.youtube.com/watch?v=fdb3U2EFLzo&ab_channel=ISOEHIndianSchoolofEthicalHacking

https://portswigger.net/support/using-burp-to-brute-force-a-login-page

https://www.hacksplaining.com/prevention/user-enumeration

XPath injection with XCAT

https://www.oreilly.com/library/view/web-penetration-testing/9781788623377/4ebcd489-b08a-4074-988b-df61d373a6b5.xhtml

https://tomforb.es/exploiting-xpath-injection-vulnerabilities-with-xcat/

https://www.kitploit.com/2014/08/xcat-tool-that-aides-in-exploitation-of.html?m=0

https://www.hacking.land/2017/10/xcat-automate-xpath-injection-attacks.html

https://snyk.io/advisor/python/xcat

https://owasp.org/www-pdf-archive/HAAS_OWASP_NZ_13-Improving_XPath_Injection.pdf

https://book.hacktricks.xyz/pentesting-web/xpath-injection

https://www.youtube.com/watch?v=4yrGD9Xj-hY&ab_channel=SecureCodeWarrior

https://www.youtube.com/watch?v=5ZDSPVp1TpM&ab_channel=MotasemHamdan

https://www.youtube.com/watch?v=6tV8EuaHI9M&ab_channel=Maurisec

https://www.youtube.com/watch?v=ySJwlMsFbco&ab_channel=JohnHammond

https://www.youtube.com/watch?v=p3-ZfhaSRZ0&ab_channel=ThiagoPereira

https://www.youtube.com/watch?v=AvOcikbZsik&ab_channel=EthicalHackingandDigitalForensicsTutorial

https://www.youtube.com/watch?v=U-MZJ6rbqi4&ab_channel=AutomationStepbyStep

SOAP Attacks

https://www.ws-attacks.org/SOAPAction_Spoofing

https://www.forumsys.com/wp-content/uploads/2014/01/Anatomy-of-a-Web-Services-Attack.pdf

https://resources.infosecinstitute.com/topic/soap-requests/

https://www.neuralegion.com/blog/top-7-soap-api-vulnerabilities/

https://blog.securelayer7.net/owasp-top-10-penetration-testing-soap-application-mitigation/

https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-stamos.pdf

https://www.soapui.org/docs/security-testing/security-scans/sql-injection/

https://www.youtube.com/watch?v=UINLbiq19NQ&ab_channel=90%27sHacks

https://www.youtube.com/watch?v=4tmvQ5a4200&ab_channel=CyberSecurityTV

https://capec.mitre.org/data/definitions/110.html

https://www.mantisbt.org/bugs/view.php?id=16879

https://www.dionach.com/blog/web-services-blind-sql-injection/

https://resources.infosecinstitute.com/topic/soap-attack-2/

https://www.youtube.com/watch?v=jDcXub5grgM&ab_channel=90%27sHacks

File and Resource Attacks

https://owasp.org/www-community/attacks/Resource_Injection

https://resources.infosecinstitute.com/topic/file-inclusion-attacks/

https://www.sciencedirect.com/topics/computer-science/attack-resource

https://www.imperva.com/learn/application-security/rfi-remote-file-inclusion/

https://portswigger.net/web-security/file-path-traversal

https://www.neuralegion.com/blog/local-file-inclusion-lfi/

https://www.neuralegion.com/blog/file-inclusion-vulnerabilities/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/reflected-file-download-a-new-web-attack-vector/

https://www.onsecurity.io/blog/file-upload-checklist/

https://medium.com/@juangrimm/o-que-%C3%A9-lfi-hacking-3bc709dfb5da

More Repositories

1

OSCE3-Complete-Guide

OSWE, OSEP, OSED, OSEE
2,568
star
2

Awesome-Red-Team-Operations

1,260
star
3

Guide-CEH-Practical-Master

1,168
star
4

Cloud-Security-Attacks

Azure and AWS Attacks
1,043
star
5

Awesome-Cloud-PenTest

676
star
6

Red-Team-Management

HTML
627
star
7

Offensivesecurity-Checklists

Checklists for Testing Security environment
545
star
8

Awesome-Malware-and-Reverse-Engineering

379
star
9

eWPTX-Preparation

325
star
10

Python-for-Security

HTML
303
star
11

Awesome-Hardware-and-IoT-Hacking

246
star
12

GCP-Pentest-Checklist

213
star
13

OSCP-Survival-Guide

208
star
14

information-security-relatory

Reports from various areas of information security
188
star
15

PNPT-Preparation-Guide

PNPT Exam Preparation - TCM Security
154
star
16

Red-Team-Exercises

C++
139
star
17

awesome-flipperzero2

Compilation of contents about Flipper Zero
127
star
18

Awesome-PenTest-Practice

Hackthebox, Vulnhub, TryHackMe and Real World PenTest
101
star
19

eCXD-Preparation

eLearnSecurity Certified Exploit Development
98
star
20

Awesome-Blue-Team-Operations

96
star
21

PenTest-Consulting-Creator

Repository with some necessary information for you to create your PenTest consultancy
91
star
22

PenTest-Certifications-Roadmap

83
star
23

Buffer-Overflow-Labs

Practice Labs
80
star
24

Awesome-Exploit-Development

73
star
25

OSCP-in-one-month

72
star
26

RedTeam-Scripts

PowerShell
71
star
27

BadPDF-Generator

Python
64
star
28

Template-CherryTree-PenTest

62
star
29

Adversary-Emulation-Matrix

59
star
30

Web-PenTest-Checklist

48
star
31

Windows-API-for-Red-Team

Python
48
star
32

Facial-Recognition-PenTest-Checklist

47
star
33

PenTest-Report-Collection

41
star
34

CyberSecurityUP

Hack
40
star
35

CyberSecurity-LinkedIn-Materials

34
star
36

Information-Security-Certifications-Map

29
star
37

Powershell-for-PenTest

28
star
38

smart-contracts-audit-checklist

25
star
39

Hackthebox-Privilege-Escalation

24
star
40

Osint-Social-Mapping

OSINT mapping using Twitter, Ficklr, Shodan and Insecam
Python
22
star
41

AV-Bypass-codes

Python, C++ and Go
C++
21
star
42

Windows-Defender-DLL-Hijacking

C++
20
star
43

PhantomsGate

PhantomsGate: Advanced Shellcode Injection Technique
C++
20
star
44

Bug-Bounty-Dorks-Vulns

19
star
45

python-for-hackers

Python
19
star
46

Cybersecurity-Certifications-Guide

19
star
47

Web-PenTest-Resume-Tips

19
star
48

Fuxsociety

Fuxsociety Mr Robot 2.1
Python
18
star
49

CRPYA

Challenge Python
Python
18
star
50

Mitre-Attack-Matrix

17
star
51

Cracking-The-Perimeter-Framework

New Framework Red Team Operations
17
star
52

shellcode-runner-rust

Simple Shellcode Runner in Rust Language
Rust
17
star
53

AWS-Cloud-Practicioner-Notes

15
star
54

PyDorkGPT

Google Hacking using Prompt ChatGPT
Python
14
star
55

Trevorfuscation

A tool that automates the trevorc2 powershell agent obfuscation process with the pyfuscation tool
Shell
14
star
56

Adversary-Emulation-Guide

14
star
57

Cyber-Security-Contents

14
star
58

Physical-PenTest-Methodology

Basic guide for performing a Physical PenTest - Nist 800-12, 800-53, 800-115, 800-152
14
star
59

GCP-Adversary-Emulator

Comprehensive adversary emulation tool for security testing on Google Cloud Platform (GCP) environments.
Python
14
star
60

OSWP-Automated-tools

Shell
13
star
61

Python-Introduction

Python
13
star
62

backup-fu

Automatic cloud backup of Kali Linux data
Shell
12
star
63

Harden-Fu

Shell
11
star
64

C2Matrix-Automation

C2Matrix Automation
Shell
11
star
65

HermitPurple-Maltegoce

Finding Missing People, extract information in Dark Web and Surfaceweb Investigation and Human Trafficking Support
Python
11
star
66

k8senumeration

Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments
Python
11
star
67

LiesGate

C++
11
star
68

HunterX

King of Bug Bounty Tips Simple Tool
Shell
10
star
69

Malware-Analysis-Exercises

10
star
70

ISO-27002-Document

10
star
71

Ransomware-Codes

Educational repository with source code examples
10
star
72

RansomwarePy

Ransomware Python
Python
7
star
73

TTPs-Mitre-Attack

7
star
74

Red-Team-Operations-Framework

Red Team Operations Framework
7
star
75

study-TI

Auxilios nos seus estudos e planejamento
6
star
76

Challenges

Challenge Inmetrics
HTML
6
star
77

Documentation-of-information-security

6
star
78

stalkfacebook1.0

Python
6
star
79

AWS-Cloud-Architect-Associate-Notes

6
star
80

Simple-Ransomwares

C++
6
star
81

AhmiaDomainExtractor-Maltegoce

Python
6
star
82

Application-Vulnerable

6
star
83

ProcessKiller-BYOVD

BYOVD Technique Example using viragt64 driver
C++
5
star
84

shellcode-templates

Assembly
5
star
85

Standards-and-Controls

5
star
86

facebookstalking2.0

Python
5
star
87

block-website

Bloqueador de website feito em python
Python
5
star
88

Suicide-Prevention-Map

Suicide Prevention Map using Google Place API and Google Search API
Python
5
star
89

SafeBuddy

APK Suicide Prevention
Java
5
star
90

MacInjector-Automated

MacInjector is a tool that lists macOS applications, checks code-signing vulnerabilities, and injects a dynamic library (dylib) into a vulnerable application.
Python
5
star
91

ReconFu

Scripts made in python to automate recognition
Python
5
star
92

DeepFakeDetect-URL

Detect if a photo is deepfake by passing the URL and analyzing
Python
5
star
93

JWTK-Exploits

Python
4
star
94

SilverEye-Twitter-Scraping

A tool created to scrape twitter using its own API
Python
4
star
95

Snake-AI

Edition Code for Python the AI
Python
4
star
96

owasp-asvs-checklist-portugues

4
star
97

reversescripts

Scripts para Engenharia Reversa
Python
4
star
98

CRTO-Study

Zeropoint Course CRTO
HTML
4
star
99

My-CVEs

4
star
100

SyscallHookDetector

C++
4
star