An opinionated list of awesome Python frameworks, libraries, software and resources.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Grok open release

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Automatic SQL injection and database takeover tool

🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper

python爬虫教程系列、从0到1学习python爬虫，包括浏览器抓包，手机APP抓包，如 fiddler、mitmproxy，各种爬虫涉及的模块的使用，如：requests、beautifulSoup、selenium、appium、scrapy等，以及IP代理，验证码识别，Mysql，MongoDB数据库的python使用，多线程多进程爬虫的使用，css 爬虫加密逆向破解，JS爬虫逆向，…

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

Web path scanner

带带弟弟 通用验证码识别OCR pypi版

Credentials recovery project

OneForAll是一款功能强大的子域收集工具

You Know, For WEB Fuzzing ! 日站用的字典。

安卓应用层抓包通杀脚本

🤖 史上最强云手机远程桌面逆向抓包HOOK自动化取证能力集一体的安卓 RPA 框架，下一代移动数据自动化机器人。

Web application fuzzer

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

HTTP parameter discovery suite.

Scanning APK file for URIs, endpoints & secrets.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Study Notes For Web Hacking / Web安全学习笔记

Top disclosed reports from HackerOne

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

A frida tool to dump dex in memory to support security engineers analyzing malware.

信息收集自动化工具

一个攻防知识仓库 Red Teaming and Offensive Security

A fast sub domain brute tool for pentesters