🦊 I respect proton UI and aim to improve it.

A screencast tool to display your keys inspired by Screenflick

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.

Deserialization payload generator for a variety of .NET formatters

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

This repository holds all the list of advanced XSS payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.

🎯 XML External Entity (XXE) Injection Payload List

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Fetch all the URLs that the Wayback Machine knows about for a domain

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Take a list of domains and probe for working HTTP and HTTPS servers

In-depth attack surface mapping and asset discovery

Find domains and subdomains related to a given domain

Kerberoast attack -pure python-

gpp-decrypt

Mimikatz implementation in pure Python

A little tool to play with Windows security

A swiss army knife for pentesting networks

A Python based ingestor for BloodHound

Six Degrees of Domain Admin

PowerSploit - A PowerShell Post-Exploitation Framework

pwning IPv4 via IPv6

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords