A list of useful payloads and bypass for Web Application Security and Pentest/CTF

ALL IN ONE Hacking Tool For Hackers

the only cheat sheet you need

Automatic SQL injection and database takeover tool

Detectron2 is a platform for object detection, segmentation and other visual recognition tasks.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

Web path scanner

CTF framework and exploit development library

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

A paper list of object detection using deep learning.

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Fast subdomains enumeration tool for penetration testers

an awesome list of honeypot resources

Main Sigma Rule Repository

OneForAll是一款功能强大的子域收集工具

A swiss army knife for pentesting networks

An advanced memory forensics framework

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

🔥 Web-application firewalls (WAFs) from security standpoint.

Web application fuzzer

PEDA - Python Exploit Development Assistance for GDB

Automated Adversary Emulation Platform

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

The FLARE team's open-source tool to identify capabilities in executable files.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Google CTF