A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The official gpt4free repository | various collection of powerful language models | o4, o3 and deepseek r1, gpt-4.1, gemini 2.5

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

A swiss army knife for pentesting networks

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

awesome game security [Welcome to PR]

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

DKMC - Dont kill my cat - Malicious payload evasion tool

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

PowerShell Script Obfuscator

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite.

⚡ A Captive Portal & Access Point setup for use with the Raspberry Pi (no Internet access)

Python2 / BASH / VBS- UAC D&E Rubber Ducky