A collective list of free APIs

Stable Diffusion web UI

Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to clo…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A simple, yet elegant, HTTP library.

Rich is a Python library for rich text and beautiful formatting in the terminal.

High-Resolution Image Synthesis with Latent Diffusion Models

Automatic SQL injection and database takeover tool

Python packaging and dependency management made easy

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

You Know, For WEB Fuzzing ! 日站用的字典。

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

HTTP parameter discovery suite.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Get a ChatGPT plugin up and running in under 5 minutes!

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Yet Another Golang binary parser for IDAPro

Enumerate the permissions associated with AWS credential set

Smart Install Exploitation Tool

A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.

Issues with WebSocket reverse proxying allowing to smuggle HTTP requests

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.

Turbo Intruder Scripts

siberas JMX exploitation toolkit