A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Automatic SQL injection and database takeover tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Python ProxyPool for web spider

微信机器人 / 可能是最优雅的微信个人号 API ✨✨

Impacket is a collection of Python classes for working with network protocols.

A next generation HTTP client for Python. 🦋

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Most advanced XSS scanner.

match command-line arguments to their help text

Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or exte…

CTF framework and exploit development library

E-mails, subdomains and names Harvester - OSINT

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Incredibly fast crawler designed for OSINT.

Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

fsociety Hacking Tools Pack – A Penetration Testing Framework

Fast subdomains enumeration tool for penetration testers

Credentials recovery project

OneForAll是一款功能强大的子域收集工具

A swiss army knife for pentesting networks

Come and join us, we need you!

Nginx configuration static analyzer

You Know, For WEB Fuzzing ! 日站用的字典。

An advanced memory forensics framework

🔍 Google from the terminal

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…