Submit your favorite resources for free.
Find red teaming, penetration testing, and ethical hacking resources in seconds.
ZoomEye is a cyberspace search engine for discovering and analyzing internet-connected devices, offering tools for asset discovery and vulnerability analysis.
PowerShell-based Active Directory security assessment tool for identifying misconfigurations, privilege escalation paths, and offensive operations.
angr is a platform-agnostic binary analysis framework for reverse engineering and vulnerability research.
asleap is a tool to recover LEAP/PPTP passwords, demonstrating a deficiency in Cisco LEAP networks using dictionary or captured packet analysis.
A recursive internet scanner for hackers, designed to automate Recon, Bug Bounties, and ASM with a focus on comprehensive subdomain enumeration.
bettercap is a powerful, modular framework for network reconnaissance and MITM attacks over WiFi, Bluetooth LE, and Ethernet networks.
Hunt for AI coding artifacts containing secrets by scanning public GitHub repositories for leaked credentials in AI coding tool configuration files.
AWS security scanner with attack chain detection. 47 checks, Terraform remediation for every finding, scan diff. Free. pip install cloud-audit
crAPI is a completely ridiculous API vulnerable by design, built on a microservices architecture, designed to help understand API security risks.
crt.sh is a Certificate Transparency (CT) log search tool that allows users to find SSL/TLS certificates issued for specific domains or organizations.
Open-source tools and resources for vulnerability disclosure, promoting safe harbor and standardized practices for hackers and organizations.
dnstwist is a phishing domain scanner that finds lookalike domains adversaries can use to attack you, helping to identify potential threats.
