This repository is intended for pentesters and red teamers using a variety of offensive security tools during their assessments. The repository is a collection of useful tools suitable for assessments in internal environments. We fetch and compile the latest version of each tool on a regular basis and provide it to you as a release.
You don't have to worry about updating and compiling the tools yourself. Just download the latest release and find all the awesome tools you will need in a single archive.
https://github.com/Syslifters/offsec-tools

Link:
https://github.com/danieldurnea/rdp-free

A series of scripts to harden macOS 15.5 (Sequoia) for security and
privacy, inspired by NIST guidelines. Suitable for power users and
novices alike. This project evolved from the macOS Security Compliance
Project, a Python-based tool, with the current focus on Bash scripts
while preserving legacy features.
https://github.com/cluster2600/ALBATOR

https://hackread.com/xss-is-cybercrime-f...ted-admin/

BrowserBruter is a powerful web form fuzzing automation tool designed for web security professionals and penetration testers. This Python-based tool leverages Selenium and Selenium-Wire to automate web form fuzzing, making it easier to identify potential vulnerabilities in web applications. 
https://github.com/netsquare/BrowserBruter
   

https://syntax.goldenowl.ai/    

#exploit
1⃣ CVE-2025-48703: (https://fenrisk.com/rce-centos-webpanel)
RCE in CentOS Web Panel
2⃣ CVE-2025-31200: (https://blog.noahhw.dev/posts/cve-2025-31200)
Zero-click RCE vulnerability in Apple's iOS 18.x
3⃣ CVE-2025-32463: (https://github.com/pr0v3rbs/CVE-2025-32463_chwoot)
Escalation of Privilege to the root through sudo binary with chroot option
4⃣ CVE-2025-49113: (https://github.com/fearsoff-org/CVE-2025-49113)
Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization
5⃣ CVE-2025-32433: (https://github.com/ProDefense/CVE-2025-32433)
Unauth RCE in Erlang/OTP SSH

1. DEVMAN Ransomware
https://any.run/cybersecurity-blog/devma...e-analysis
2. BrowserVenom (Fake DeepSeek) Malicious installer
https://securelist.com/browservenom-mimi...oxy/115728
3. KimJongRAT Stealer
https://unit42.paloaltonetworks.com/kimj...powershell
4. macOS NimDoor
https://www.sentinelone.com/labs/macos-n...ed-malware
5. Windows Shortcut (LNK) Malware Strategies
https://unit42.paloaltonetworks.com/lnk-malware

#WebApp_Security
Bug Bounty Cheat Sheet, Ver.1.0.
1. Account Takeover (ATO) (https://github.com/swisskyrepo/PayloadsA...20Takeover)
2. API Key and Token Leaks (https://github.com/swisskyrepo/PayloadsA...ey%20Leaks)
3. Bypass Upload Tricky (https://github.com/swisskyrepo/PayloadsA...re%20Files)
4. Clickjacking (https://github.com/swisskyrepo/PayloadsA...ickjacking)
5. Client Side Path Traversal (CSPT) (https://github.com/swisskyrepo/PayloadsA...0Traversal)
6. Command Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
7. Content Injection (https://github.com/EdOverflow/bugbounty-...jection.md)
8. CORS (https://github.com/swisskyrepo/PayloadsA...ion)/OAuth (https://github.com/swisskyrepo/PayloadsA...figuration) Misconfiguration
9. CRLF Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
10. CSV Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
11. Cross-Site WebSocket Hijacking (CSWSH) (https://github.com/swisskyrepo/PayloadsA...s)/Request Forgery (CSRF/XSRF) (https://github.com/swisskyrepo/PayloadsA...%20Forgery)
12. DNS Rebinding (https://github.com/swisskyrepo/PayloadsA...0Rebinding)
13. DOM Clobbering (https://github.com/swisskyrepo/PayloadsA...Clobbering)
14. Dependency Confusion (https://github.com/swisskyrepo/PayloadsA...0Confusion)
15. Directory Traversal (https://github.com/swisskyrepo/PayloadsA...0Traversal)
16. External Variable Modification (https://github.com/swisskyrepo/PayloadsA...dification)
17. File Inclusion/LFI (https://github.com/swisskyrepo/PayloadsA...0Inclusion)
18. GraphQL Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
19. HTTP Request Smuggling (https://github.com/swisskyrepo/PayloadsA.../Parameter Pollution (HPP) (https://github.com/swisskyrepo/PayloadsA...0Pollution)
20. Insecure Deserialization (https://github.com/swisskyrepo/PayloadsA...on)/Direct Object References (https://github.com/swisskyrepo/PayloadsA...Management Interface (https://github.com/swisskyrepo/PayloadsA...Randomness (https://github.com/swisskyrepo/PayloadsA...ss)/Source Code Management (https://github.com/swisskyrepo/PayloadsA...Management)
21. LDAP Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
22. LaTeX Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
23. Mass Assignment (https://github.com/swisskyrepo/PayloadsA...Assignment)
24. Memory Exhaustion (DoS) (https://github.com/swisskyrepo/PayloadsA...%20Service)
25. NoSQL Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
26. ORM Leak (https://github.com/swisskyrepo/PayloadsA...ORM%20Leak)
27. Open URL Redirect (https://github.com/swisskyrepo/PayloadsA...20Redirect)
28. Prompt Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
29. Prototype Pollution (https://github.com/swisskyrepo/PayloadsA...0Pollution)
30. Race Condition (https://github.com/swisskyrepo/PayloadsA...0Condition)
31. Regular Expression DoS (ReDoS) (https://github.com/swisskyrepo/PayloadsA...Expression)
32. SAML Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
33. SQL Injection (SQLi) (https://github.com/swisskyrepo/PayloadsA...0Injection)
34. Server Side Include Injection (https://github.com/swisskyrepo/PayloadsA...n)/Request Forgery (https://github.com/swisskyrepo/PayloadsA...)/Template Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
35. SMTP Header Injection (https://www.acunetix.com/blog/articles/e...-injection)
36. Tabnabbing (https://github.com/swisskyrepo/PayloadsA...Tabnabbing)
37. Type Juggling (https://github.com/swisskyrepo/PayloadsA...20Juggling)
38. Web Cache Deception (https://github.com/swisskyrepo/PayloadsA...0Deception)
39. XPATH (https://github.com/swisskyrepo/PayloadsA...tion)/XSLT (https://github.com/swisskyrepo/PayloadsA...ction)/XSS (https://github.com/swisskyrepo/PayloadsA...ction)/XXE Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
40. Zip Slip Command Execution (https://github.com/snyk/zip-slip-vulnerability)

Summary This report analyzes a UPX-packed Windows executable file identified as a Salat Stealer. The malware collects the victim's keystrokes, system information, browser-stored credentials, cryptocurrency wallet data, and messaging applications data. It can also access the victim's webcam and microphone. It compresses the collected data and then exfiltrates it to the command-and-control (C2) server over the Quick UDP Internet Connections (QUIC) protocol.
Link:
https://blog.pwndesal.xyz/salat-malware-...e-analysis