The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Automatic SQL injection and database takeover tool

[NeurIPS 2022] Towards Robust Blind Face Restoration with Codebook Lookup Transformer

CTF framework and exploit development library

Firmware Analysis Tool

Credentials recovery project

An advanced memory forensics framework

PEDA - Python Exploit Development Assistance for GDB

Study Notes For Web Hacking / Web安全学习笔记

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

A cross-version Python bytecode decompiler

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A fast sub domain brute tool for pentesters

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

Weaponized web shell

Source Code Security Audit (源代码安全审计)

Phishing Campaign Toolkit

Reconnaissance Swiss Army Knife

Corelan Repository for mona.py

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

ODAT: Oracle Database Attacking Tool

Python3编写的CMS漏洞检测框架

XssPy - Web Application XSS Scanner

VMAttack PlugIn for IDA Pro

WAFNinja is a tool which contains two functions to attack Web Application Firewalls.

A Python Framework For NoSQL Scanning and Exploitation

A module for cross-platform control of the mouse and keyboard in python that is simple to install and use.

A Python implementation of the Wiener attack on RSA public-key encryption scheme.

A pure-python win32 debugger interface.