A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Ansible for DevOps examples.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Tool for Active Directory Certificate Services enumeration and abuse

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

smbclient-ng, a fast and user friendly way to interact with SMB shares.

Just another Powerview alternative but on steroids

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

Automatically scale virtual machines resources on Proxmox hosts

MCP server for JADX-AI Plugin

SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.

A webshell plugin and interactive shell for pentesting a WordPress website.