A list of useful payloads and bypass for Web Application Security and Pentest/CTF

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

A tool for quickly evaluating IAM permissions in AWS.

Proof of Concepts

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.

An automated target reconnaissance pipeline.

Impacket Fork for Contributing and Sharing Our Knowledge about Windows