A list of useful payloads and bypass for Web Application Security and Pentest/CTF

JumpServer is an open-source Privileged Access Management (PAM) platform that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints…

Web path scanner

Incredibly fast crawler designed for OSINT.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

CTFs as you need them

PEDA - Python Exploit Development Assistance for GDB

Automated All-in-One OS Command Injection Exploitation Tool

宝塔Linux面板 - 简单好用的服务器运维面板

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Automatic SSRF fuzzer and exploitation tool

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

Source Code Security Audit (源代码安全审计)

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

SSRF (Server Side Request Forgery) testing resources

Tool for advanced mining for content on Github

Notes about attacking Jenkins servers

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.

Shamelessly convert any Python 2 script into a terrible single line of code

PHP Internals Book

一键ThinkPHP漏洞检测

SvnExploit支持SVN源代码泄露全版本Dump源码

An Easy / Quick / Cheap Integrated Platform

RCE 0-day for GhostScript 9.50 - Payload generator

Herramienta para evadir disable_functions y open_basedir

提取远程 git 泄露或本地 git 的工具

Rogue MySql Server

Some tools for CTF off line