PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.

Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters.

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penet…

OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar

A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage tracker.

pull decrypted ipa from jailbreak device

A cross-platform protocol library to communicate with iOS devices

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken

WinSCP is a popular free file manager for Windows supporting SFTP, FTP, FTPS, SCP, S3, WebDAV and local-to-local file transfers. A powerful tool to enhance your productivity with a user-friendly in…

Alpine & Debian-based distro that lets you install palera1n.

Companion repository to the "Modern Embedded Systems Programming" video course.

CeWL is a Custom Word List Generator

Scapy: the Python-based interactive packet manipulation program & library.

A collection of JavaScript engine CVEs with PoCs

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

A tool to dump a git repository from a website

A repository for learning various heap exploitation techniques.

Linux kernel source tree

Google CTF

Cybersecurity AI (CAI), the framework for AI Security

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

get things from one computer to another, safely

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

Best and simplest tool for website change detection, web page monitoring, and website change alerts. Perfect for tracking content changes, price drops, restock alerts, and website defacement monito…

🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…