A list of useful payloads and bypass for Web Application Security and Pentest/CTF

ALL IN ONE Hacking Tool For Hackers

Impacket is a collection of Python classes for working with network protocols.

Exploitation Framework for Embedded Devices

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Credentials recovery project

🔥 Web-application firewalls (WAFs) from security standpoint.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

An enterprise friendly way of detecting and preventing secrets in code.

A python script that finds endpoints in JavaScript files

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

Automatic SSRF fuzzer and exploitation tool

Mimikatz implementation in pure Python

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Automated Security Testing For REST API's

Generates permutations, alterations and mutations of subdomains and then resolves them

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)

The Offensive Manual Web Application Penetration Testing Framework.

BBT - Bug Bounty Tools (examples💡)

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

Quick SQLMap Tamper Suggester

hacking-tool termux-tools termux noob-friendly instagram-bot bruteforce-password-cracker wordlist-technique

declutters url lists for crawling/pentesting