A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

Impacket is a collection of Python classes for working with network protocols.

Web path scanner

Scapy: the Python-based interactive packet manipulation program & library.

OneForAll是一款功能强大的子域收集工具

Web Pentesting Fuzz 字典,一个就够了。

机器学习算法python实现

Web application fuzzer

An Efficient ProxyPool with Getter, Tester and Server

💖 High available distributed ip proxy pool, powerd by Scrapy and Redis

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

一个攻防知识仓库 Red Teaming and Offensive Security

A fast sub domain brute tool for pentesters

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Scrapy+Splash for JavaScript integration

The Network Execution Tool

Automatic SSRF fuzzer and exploitation tool

Mimikatz implementation in pure Python

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

DNS Enumeration Script

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

各种漏洞poc、Exp的收集或编写

Tool for Active Directory Certificate Services enumeration and abuse

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

Struts2全漏洞扫描利用工具

A Python based ingestor for BloodHound

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

A tool to dump a git repository from a website