PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Git All the Payloads! A collection of web attack payloads.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

A tool for adding new lines to files, skipping duplicates

Edge Removal - Completely remove Edge in Windows

A couple of different scripts, made to automate attacks against NoSQL databases.

GameOver(lay) Ubuntu Privilege Escalation

A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper us…

CTF challenge (mostly pwn) files, scripts etc

An script to perform kerberos bruteforcing by using impacket

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

https://cve.mitre.org/

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

Ye olde root shell for ye olde httpd

Google CTF

A swiss army knife for pentesting networks

Automatic SQL injection and database takeover tool

PowerSploit - A PowerShell Post-Exploitation Framework

Empire is a PowerShell and Python post-exploitation agent.

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

The ultimate WinRM shell for hacking/pentesting

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

DNSChef - DNS proxy for Penetration Testers and Malware Analysts