A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The best-benchmarked open-source AI memory system. And it's free.

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods

Most advanced XSS scanner.

The Rogue Access Point Framework

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Open Source Vulnerability Management Platform

Low bandwidth DoS tool. Slowloris rewrite in Python.

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…

NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enumeration te…

QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.

best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect

Collaborative Incident Response platform

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…

An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRIDE methodology.

Scalable Python web scraping scripts for +40 popular domains

Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.

MCP server for AI-driven security pipelines

skytrack is a planespotting and aircraft OSINT tool made using Python 🛩🔍

Open-source URL masking & analysis tool for security research, phishing awareness, and defensive testing. Demonstrates adversary techniques used to disguise malicious links.

Analyze Android native `.so` files

Deobfuscate "paranoid" protected apps

DeepSeek Pentest AI - Burp Suite extension

A flexible internet crawler used for scanning technologies, instances and vulnerabilities worldwide across the internet.

Pegasus Loki Rat is Whatsapp RAT, it integrates new modules, like recording , lockscreen , and locate options. Pegasus Loki RAT is a Python Remote Access Tool.