A list of useful payloads and bypass for Web Application Security and Pentest/CTF

the only cheat sheet you need

CTF framework and exploit development library

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

The Deepfake Offensive Toolkit

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Top disclosed reports from HackerOne

Tool to look for several security related Android application vulnerabilities

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

The EXCLUSIVE Collection of 38,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

An OSINT tool that helps detect members of a company with leaked credentials

A Python high-performance screen capture library for Windows using Desktop Duplication API

Academic purposes only. Attack against Salesforce lightning with guest privilege.

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS…