Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Impacket is a collection of Python classes for working with network protocols.
E-mails, subdomains and names Harvester - OSINT
A swiss army knife for pentesting networks
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…
Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS 🎭
A fast sub domain brute tool for pentesters
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers
Stealing Signatures and Making One Invalid Signature at a Time
HTTP/HTTP2/HTTP3/Socks4/Socks5/Shadowsocks/ShadowsocksR/SSH/Redirect/Pf TCP/UDP asynchronous tunnel proxy implemented in Python 3 asyncio.
A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
口令爆破字典,有键盘组合字典、拼音字典、字母与数字混合这三种类型
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.