The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Data Apps & Dashboards for Python. No JavaScript Required.

A powerful coding agent toolkit providing semantic retrieval and editing capabilities (MCP server & other integrations)

Most advanced XSS scanner.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

HTTP parameter discovery suite.

Python binding for curl-impersonate fork via cffi. A http client that can impersonate browser tls/ja3/http2 fingerprints.

IntelOwl: manage your Threat Intelligence at scale

A command line utility to display dependency tree of the installed Python packages

A PoC backdoor that uses Gmail as a C&C server

Use JSON files as if they are python modules

Borrow cookies from your browser's authenticated session for use in Python scripts.

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.

Scrapy download handler that can impersonate browser' TLS signatures or JA3 fingerprints.

Static security checker for Dockerfiles

Nuubi Tools (Information-ghatering|Scanner|Recon.)