BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions

🎯 Open Redirect Payload List

Real-world infosec wordlists, updated regularly

not a reverse-engineered version of the Cobalt Strike Beacon

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

GitHub Attack Toolkit - Extreme Edition

Pentest Report Generator

HTNotes - Make your Hack The Box notes with Obsidian

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

WPScan rewritten in Python + some WPSeku ideas

Automatic SSRF fuzzer and exploitation tool

Cocos simplifies game creation and distribution with Cocos Creator, a free, open-source, cross-platform game engine. Empowering millions of developers to create high-performance, engaging 2D/3D gam…

QR Code generation and reading tool

Penetration tests guide based on OWASP including test cases, resources and examples.

🎯 Command Injection Payload List

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Automated NoSQL database enumeration and web application exploitation tool.

Top disclosed reports from HackerOne

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

A collection of custom security tools for quick needs.

A curated list of various bug bounty tools

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

🎯 SQL Injection Payload List

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Automated All-in-One OS Command Injection Exploitation Tool.