🔍 gowitness - a golang, web screenshot utility using Chrome Headless

A Colemak-style keyboard layout for French-speaking typists and programmers.

This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.

Predict python's random module generated values.

Dumping DPAPI credz remotely

Rule for hashcat or john. Aiming to crack how people generate their password

#cheat sheet for OSWP

Metasploit Modules for OPC UA

Advanced OPC-UA framework for vulnerability research & exploitation

OAuthlib support for Python-Requests!

Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data

OAuth Security Cheatsheet

SAML2 Burp Extension

Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.

This map lists the essential techniques to bypass anti-virus and EDR

SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.

📖 A guide for your daily "professional" interactions

A book series (2 published editions) on the JS language.

Welcome to the XSS Challenge Wiki!

A source code static analysis platform for AppSec enthusiasts.

Easily detect and restore Acropalypse vulnerable PNG and GIF files with simple Python GUI.

Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing s…

DOM Clobbering Wiki, Browser Testing, and Payload Generation

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

A tool to query for the existence of pre-windows 2000 computer objects.

A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)

Octoscan is a static vulnerability scanner for GitHub action workflows.

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…