A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

The Rogue Access Point Framework

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Install and Run Python Applications in Isolated Environments

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.

A terminal spreadsheet multitool for discovering and arranging data

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

HTTP parameter discovery suite.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Framework for Man-In-The-Middle attacks

xlwings is a Python library that makes it easy to call Python from Excel and vice versa. It works with Excel on Windows and macOS as well as with Google Sheets and Excel on the web.

Tool for Active Directory Certificate Services enumeration and abuse

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

(⌐■_■) - Raspberry Pi instrumenting Bettercap for Wi-Fi pwning.

pip script installer

Sublime Text plugin for EditorConfig - Helps developers maintain consistent coding styles between different editors

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

Generates millions of keyword-based password mutations in seconds.

A PoC backdoor that uses Gmail as a C&C server

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.

Payload Development Framework