A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Deepfakes Software For All

1 min voice data can also be used to train a good TTS model! (few shot voice cloning)

Instant voice cloning by MIT and MyShell. Audio foundation model.

Easily train a good VC model with voice data <= 10 mins!

Impacket is a collection of Python classes for working with network protocols.

OneForAll是一款功能强大的子域收集工具

A swiss army knife for pentesting networks

📱 objection - runtime mobile exploration

🤖 史上最强云手机远程桌面逆向抓包HOOK自动化取证能力集一体的安卓 RPA 框架，下一代移动数据自动化机器人。

Web application fuzzer

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

Open Source Vulnerability Management Platform

A frida tool to dump dex in memory to support security engineers analyzing malware.

基于flet的一款windows桌面应用，实现了浏览图片、音乐、小说、漫画、各种资源的功能。

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Tool to look for several security related Android application vulnerabilities

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Stealing Signatures and Making One Invalid Signature at a Time

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Find web directories without bruteforce

The Offensive Manual Web Application Penetration Testing Framework.

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

SRC子域名资产监控

Yet Another Golang binary parser for IDAPro

基于python图像识别实现的连连看外挂，可实现QQ连连看秒破

Plug-in type web vulnerability scanner

Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架