A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed as a quick reference cheat sheet for your pentesting and bug bounty engagement.
☆103Feb 12, 2025Updated last year
Alternatives and similar repositories for Offensive-Pentesting-Web
Users that are interested in Offensive-Pentesting-Web are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work mo…☆99Sep 27, 2025Updated 5 months ago
- ☆13Oct 16, 2025Updated 5 months ago
- List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.☆430Mar 16, 2026Updated last week
- Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload☆11Dec 27, 2021Updated 4 years ago
- Collection of Penetration Testing Interview Questions across various domains, including Information Security, Network Security, Web Secur…☆63Aug 19, 2025Updated 7 months ago
- Enterprise SOC Lab with automated threat detection, SOAR orchestration, and incident response☆30Jan 21, 2026Updated 2 months ago
- A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names.☆30Oct 26, 2025Updated 4 months ago
- OWASP Foundation Web Respository☆26Jan 27, 2026Updated last month
- Tutorials and Things to Do while Hunting Vulnerability.☆13Aug 30, 2022Updated 3 years ago
- ☆30Aug 22, 2019Updated 6 years ago
- This lab is for **EDUCATIONAL PURPOSES ONLY**. Use it responsibly and only on systems you own or have explicit permission to test. Do not…☆17Feb 20, 2026Updated last month
- Ant is a post-exploitation tool designed to automate the deployment of tunnels and port forwarding based on a predefined topology configu…☆17Jan 31, 2024Updated 2 years ago
- ☆11Dec 17, 2023Updated 2 years ago
- SSL/TLS Certificate Checker - A Python script to validate SSL/TLS certificates for common misconfigurations and output the results in JSO…☆17Sep 27, 2023Updated 2 years ago
- Mrco24-Lfi-Scanner is a high-speed Local File Inclusion (LFI) vulnerability scanning tool developed in the Go programming language. It's …☆13Dec 16, 2023Updated 2 years ago
- Autorev.sh generates reverse shell codes for reverse shell . Supports linux and windows☆17Apr 8, 2022Updated 3 years ago
- API research and learning☆12May 22, 2019Updated 6 years ago
- this repo contains some public methodologies which I found from internet (google,telegram,discord,writeups etc..)☆30May 30, 2024Updated last year
- Burp suite extension which help you to find inconsistency between content-type header and body parsers☆11Sep 14, 2025Updated 6 months ago
- Publishing advisories for CVEs found by POST Cyberforce☆13Jan 7, 2025Updated last year
- OWASP Web Application Testing Cheat Sheet converted to tool formats☆25Jan 20, 2017Updated 9 years ago
- This script was developped to assist in SpearPhishing campaign during Red Team operations. It can be used to generate random name based o…☆13Feb 6, 2023Updated 3 years ago
- Right-To-Left Override POC☆35Mar 21, 2022Updated 4 years ago
- Aliases and functions for the lazy penetration tester☆69Jan 28, 2024Updated 2 years ago
- Scripts and tools for AWS Pentest☆53Oct 22, 2020Updated 5 years ago
- Top 100 Hacking & Security E-Books (Free Download)☆10Feb 26, 2021Updated 5 years ago
- In this repo, I have included the tools that i used for my everyday penetration tests, if you have just installed kali and lost your tool…☆31Oct 16, 2024Updated last year
- A research project to crawl and analyze Top 1 million domains☆24Feb 7, 2023Updated 3 years ago
- 🌩Using CodeQL To Conduct JavaScript Security Analysis Against Modern Web Applications☆20Oct 16, 2024Updated last year
- Application Security Mind Maps☆11Apr 10, 2021Updated 4 years ago
- ☆20May 18, 2022Updated 3 years ago
- An Apostrophe website that demonstrates various techniques and will be linked to in documentation, stackoverflow answers, etc. Check it o…☆15Aug 4, 2025Updated 7 months ago
- XSS scanning with Dalfox on Github-action☆26Nov 26, 2023Updated 2 years ago
- ☆10Jan 30, 2022Updated 4 years ago
- ☆15May 17, 2018Updated 7 years ago
- Collection of scripts that I have used on Red Team engagements☆16Feb 15, 2018Updated 8 years ago
- Awesome Mobile Application Penetration Testing Cheat Sheet☆14May 29, 2021Updated 4 years ago
- Hand list of Powershell commands frequently used during penetration tests☆15Oct 14, 2018Updated 7 years ago
- Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad characte…☆24Nov 24, 2019Updated 6 years ago