A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

Ready-to-use OCR with 80+ supported languages and all popular writing scripts including Latin, Chinese, Arabic, Devanagari, Cyrillic and etc.

Python ProxyPool for web spider

Impacket is a collection of Python classes for working with network protocols.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Web path scanner

Incredibly fast crawler designed for OSINT.

Credentials recovery project

an awesome list of honeypot resources

OneForAll是一款功能强大的子域收集工具

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

越来越多的网站具有反爬虫特性，有的用图片隐藏关键数据，有的使用反人类的验证码，建立反反爬虫的代码仓库，通过与不同特性的网站做斗争（无恶意）提高技术。（欢迎提交难以采集的网站）（因工作原因，项目暂停）

Infection Monkey - An open-source adversary emulation platform

🔥 Web-application firewalls (WAFs) from security standpoint.

Web application fuzzer

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

dataset and code for 2016 paper "Learning a Driving Simulator"

An enterprise friendly way of detecting and preventing secrets in code.

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

一个攻防知识仓库 Red Teaming and Offensive Security

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…