A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

one-click face swap

Intelligent automation and multi-agent orchestration for Claude Code

Pythonic HTML Parsing for Humans™

Expose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

SQL for Humans™

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

Intelligent proxy pool for Humans™ to extract content from the internet and build your own Large Language Models in this new AI era

Automatic SSRF fuzzer and exploitation tool

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

Mimikatz implementation in pure Python

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive …

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

massive SQL injection vulnerability scanner

smbclient-ng, a fast and user friendly way to interact with SMB shares.

Irregular methods on regular expressions

Python / C# Unmanaged PowerShell based RAT

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Modified version of the passing-the-hash tool collection made to work straight out of the box

JShell - Get a JavaScript shell with XSS.

Maximizing BloodHound. Max is a good boy.

morphHTA - Morphing Cobalt Strike's evil.HTA

simple script to extract all web resources by means of .SVN folder exposed over network.