A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

Web path scanner

Incredibly fast crawler designed for OSINT.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

Deep Learning model to analyze a large corpus of clear text passwords.

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive …

Automatic Enumeration Tool based in Open Source tools

Intelligent login bruteforcer.

for mass exploiting

ReverShellGenerator - A tool to generate various ways to do a reverse shell

IP obfuscator made to make a malicious ip a bit cuter

Cloak can backdoor any python script with some tricks.

Hacking systems with the automation of PasteJacking attacks.

A pure python module (thread safe) to access memcached via it's binary protocol with SASL auth support.

A python based cross-platform tool that automates the process of detecting and exploiting error-based injection security flaws.

A traffic analyzer to evade Empire's communication from Anomaly-Based IDS

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Scapy hands-on

This program is a command line utility that allows you to search for a specific pattern in the files of a GitHub repository. It uses the PyGithub library to interact with the GitHub API and the arg…