A list of useful payloads and bypass for Web Application Security and Pentest/CTF

2023年最新总结，阿里，腾讯，百度，美团，头条等技术面试题目，以及答案，专家出题人分析汇总。

What the f*ck Python? 😱

Automatic SQL injection and database takeover tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

OCRmyPDF adds an OCR text layer to scanned PDF files, allowing them to be searched

Ready-to-use OCR with 80+ supported languages and all popular writing scripts including Latin, Chinese, Arabic, Devanagari, Cyrillic and etc.

A next generation HTTP client for Python. 🦋

CTF framework and exploit development library

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

Fast subdomains enumeration tool for penetration testers

Credentials recovery project

OneForAll是一款功能强大的子域收集工具

Come and join us, we need you!

You Know, For WEB Fuzzing ! 日站用的字典。

Nginx开发从入门到精通

HTTP parameter discovery suite.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

爆破字典

Windows Exploit Suggester - Next Generation

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

A python script that finds endpoints in JavaScript files

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

A fast sub domain brute tool for pentesters

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.