βOWASP Web Security Testing Guide - comprehensive guide to testing the security of web applications and web services created by the OWASP foundation.
There is a bug bounty focused search engine at https://www.bugbountyhunting.com/? that can point you in the direction of tools, attacks, methodology, writeups, anything you want. It is amazing.
βbounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
βhttps://www.webgap.io/ - WEBGAP remote browser isolation physically isolates you from the risks of using the internet by isolating your web browsing activity away from your local device.
βhttps://requestbin.com/ - A modern request bin to collect, inspect and debug HTTP requests and webhooks
βRace-the-web - Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
βDVCS-Ripper - Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, etc.