A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

A list of public penetration test reports published by several consulting firms and academic security groups.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

✅Browser ❌Cloudflare ✅Host — Generator of customized Cloudflare error pages (unofficial)

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

Powerful Tool to Grab Front Camera Snaps Using A Link

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Repository for information about 0-days exploited in-the-wild.

A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

EmuHub is a tool designed to simplify the testing of Android applications by providing access to multiple emulators via web browsers. Built with Docker and NoVNC, EmuHub offers developers and QA en…

XSSHunter written in Go with more notifications and features

TC39 proposal for mitigating prototype pollution

Self hosted interactsh & xsshunter setup with discord integration.

Dekon is a sleek tool for generating and using categorized Google Dorks, tailored for OSINT and security testing. Customize domains and open dorks in new tabs effortlessly!