A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Updated Jun 10, 2024 - Python
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Automatic SSRF fuzzer and exploitation tool
The Network Execution Tool
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
SSRF (Server Side Request Forgery) testing resources
Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to fin…
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
vulnx 🕷️ is an intelligent bot shell that can achieve automatic injection and help researchers detect security vulnerabilities in CMS systems. It can perform quick CMS security detection, information collection (including sub-domain names, IP address, country information, organizational information, time zone, etc.) and vulnerability scanning.
Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient https://owtf.org https://twitter.com/owtfp
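A comprehensive scanning tool written in python3, mainly used for liveness verification, sensitive file discovery (directory scanning / API endpoints leaked in JS / leaks in HTML comments), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, POC scanning, SQL injection, CDN bypass, lookup of co-hosted sites and similar functions. It is intended mainly for in-house self-testing or authorized third-party testing; do not use it to cause damage.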
ODAT: Oracle Database Attacking Tool
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection