wikis & cheatsheetsReverse Shell Cheat Sheet: PHP, ASP, Netcat, Bash & Python
mXSS cheatsheet
This cheatsheet is your one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing). Forget sifting through the official 1500~ page spec – here’s a curated list of examples that showcase these unexpected behaviors.
GMSGadget
GMSGadget (Give Me a Script Gadget) is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
URL validation bypass cheat sheet
This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS misconfigurations, and open redirection.
Cross-Site Scripting (XSS) Cheat Sheet - 2026 Edition | Web Security Academy
Developer Resources - User Agent Parsing, API, Browser Detection, and more
newsletters
courses & labscipher387/API-s-for-OSINT: List of API's for gathering information about phone numbers, addresses, domains etc
BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
GitHub - appsecco/vulnerable-mcp-servers-lab: A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
NetExec-Lab/Barbhack-2025 at main · Pennyw0rth/NetExec-Lab · GitHub
GitHub - LiteshGhute/LLMGoat: LLMGoat: Offensive LLM Security Environment
books