A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🚀AI拟声: 5秒内克隆您的声音并生成任意语音内容 Clone a voice in 5 seconds to generate arbitrary speech in real-time

Web path scanner

E-mails, subdomains and names Harvester - OSINT

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

OneForAll是一款功能强大的子域收集工具

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

告别枯燥，致力于打造 Python 实用小例子，更多Python良心教程见 https://ai-jupyter.com

You Know, For WEB Fuzzing ! 日站用的字典。

Multi-Cloud Security Auditing Tool

安卓应用层抓包通杀脚本

Infection Monkey - An open-source adversary emulation platform

Web application fuzzer

PEDA - Python Exploit Development Assistance for GDB

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

爆破字典

Automated All-in-One OS Command Injection Exploitation Tool.

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Top disclosed reports from HackerOne

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

A frida tool to dump dex in memory to support security engineers analyzing malware.

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

安卓应用安全学习

信息收集自动化工具

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Arsenal is just a quick inventory and launcher for hacking programs

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.