A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

ALL IN ONE Hacking Tool For Hackers

30 days of Python programming challenge is a step-by-step guide to learn the Python programming language in 30 days. This challenge may take more than 100 days, follow your own pace. These videos m…

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

Reverse engineering and pentesting for Android applications

Automated All-in-One OS Command Injection Exploitation Tool.

Common User Passwords Profiler (CUPP)

Top disclosed reports from HackerOne

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Windows Exploit Suggester - Next Generation

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

📚A repository that contains all the Data Structures and Algorithms concepts and solutions to various problems in Python3 stored in a structured manner.👨‍💻🎯

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

Crack hashes in seconds.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelistin…

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

⛔ offsec batteries included

A Telegram Mass Surveillance Bot in Python

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010