A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A simple, yet elegant, HTTP library.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

If you live in the terminal, kitty is made for you! Cross-platform, fast, feature-rich, GPU based.

Official repository for IPython itself. Other repos in the IPython organization contain things like the website, documentation builds, etc.

Most advanced XSS scanner.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

CTFs as you need them

HTTP parameter discovery suite.

The perfect emulation setup to study and develop the Linux kernel, kernel modules, QEMU, gem5 and x86_64, ARMv7 and ARMv8 userland and baremetal assembly, ANSI C, C++ and POSIX. GDB step debug and …

Framework for Man-In-The-Middle attacks

Tool for Active Directory Certificate Services enumeration and abuse

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive …

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Intelligent login bruteforcer.

Modern tactical exploitation toolkit.

Payload Development Framework

A script that helps you understand why your E-Mail ended up in Spam

Modified version of the passing-the-hash tool collection made to work straight out of the box

Maximizing BloodHound. Max is a good boy.

A library for parsing .DS_Store files and extracting file names

python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target

🔓 Padding oracle attack against PKCS7 🔓

The Web Audit Search Engine - Index and Search HTTP Requests and Responses in Web Application Audits with ElasticSearch

Just a simple radare2 Jupyter kernel

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]