A list of useful payloads and bypass for Web Application Security and Pentest/CTF

带带弟弟 通用验证码识别OCR pypi版

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

记录自己编写、修改的部分工具

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

使用ddddocr的最简api搭建项目，支持docker

Redis-Attack By Replication (通过主从复制攻击Redis)

Mssql利用工具

SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS, ICMP, HTTP Encapsulation, HTTP/Socks Proxies, UDP...)

NTLM relay test.

A reverse shell based on sshd supporting DNS and ICMP Tunnelling as well as HTTP and Socks Proxies