VAPT
Asset and Content Discovery
- Amass
- Aquatone v1
- Aquatone v2
- Censys Search
- crt.sh
- Get-all-urls (gau)
- Google Dorks
- GoWitness
- httprobe
- httpx
- LinkFinder
- Shodan.io
- subfinder
- uncover
- Wappalyzer
- whois
- whoxy
Buffer Overflow
Burp Suite Plugins
- JWT Editor
- Pentest Mapper
- Replicator
- Wordlist Extractor
Checklist
Directory busting
Linux
Leaked
Machines
Mobile
Network
Note
Operating System
OSINT
Payloads
- Client Side Prototype Pollution
- PayloadAllTheThings
- RFI/LFI Payload List
- Server Side Template Injection Payloads
- SQLi Payload List
- XSS Payload List
- Web Attack Cheat Sheet
RCE
Red Teaming
Reporting Tools
Reverse Engineering
Scanners
Screenshots Utility
Wordlists
Reading Materials, Tools, Collections
Collections
- awesome-api-security
- APT & Cybercriminals Campaign Collection
- Awesome One-liner Bug Bounty Awesome
- CTF Tools
- Cyber Threat Intelligence Fundamentals
- gitignore
- Stego Toolkits
- Web Attack Cheat Sheet