bug-bounty

32 tools and resources

Naabu

A fast and reliable port scanner for attack surface discovery

A repository containing material from a talk on sub-domain enumeration techniques

Converts the format of various S3 buckets for bug bounty and security testing.

A company that helps organizations create security-aware teams and produce bug-free software.

A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

A comprehensive collection of security assessment lists for security testers.

A tool for scanning websites with open .git repositories and dumping their content for bug hunting and pentesting purposes.

A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.

Rexsser

A Burp plugin for identifying potential vulnerabilities in web applications

Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.

A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.

A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.

The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.

A collection of real-world scenarios to evaluate command injection detection and exploitation abilities

Comprehensive reference guide for bug bounty hunters with detailed information on various vulnerabilities, platforms, tools, and best practices.

A repository containing hourly-updated data dumps of bug bounty platform scopes

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

Solve password-riddles on a website without logins or ads.

hackxor

A platform offering hacking missions to test and enhance skills.

Platform for users to test cybersecurity skills by exploiting vulnerabilities.

Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.

rdppot

RDP-based honeypot that creates virtual machines for incoming connections and analyzes traffic with Suricata.

HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.

A deliberately vulnerable modern-day app with lots of DOM-related bugs

A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.

bWAPP

A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.

A deliberately weak and insecure implementation of GraphQL for testing and practicing GraphQL security

GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.

A categorized collection of bug bounty write-ups for various vulnerabilities.

ezXSS

A tool for testing cross-site scripting vulnerabilities