Stars
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
Top disclosed reports from HackerOne
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Automatic SSRF fuzzer and exploitation tool
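oletools - Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Static rule engine of the Momo risk-control system: configure many kinds of complex rules simply and conveniently with no prior experience, and control abnormal user behavior efficiently in real time.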
🆕 The Multi-Tool Web Vulnerability Scanner.
Run PowerShell command without invoking powershell.exe
🐛 A list of writeups from the Google VRP Bug Bounty program
A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907
Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
Burp Automator - A Burp Suite Automation Tool. It provides high-level CLI and Python interfaces to the Burp Suite scanner and can be used to set up Dynamic Application Security Testing (DAST).
This tool automates the initial things that we usually do in daily pentesting, so you can focus more on the main target.
Generic plugin based web application security fuzzing for anomalies by Slándáil Research Limited