Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Download your Spotify playlists and songs along with album art and metadata (from YouTube if a match is found).
Proxy server to bypass Cloudflare protection
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
Generates permutations, alterations and mutations of subdomains and then resolves them
Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper us…
This project aims to compare and evaluate the telemetry of various EDR products.
A fresh approach to autocomplete implementations, specially for Django. Status: v4 alpha, v3 stable, v2 & v1 deprecated.
QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
🐛 A list of writeups from the Google VRP Bug Bounty program
An open source multi-function instrument for everyone
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)
Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported.
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…
Don't let buffer overflows overflow your mind
Automated Recon for Pentesting & Bug Bounty