Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
🕷️ An undetectable, powerful, flexible, high-performance Python library to make Web Scraping Easy and Effortless as it should be!
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Cybersecurity AI (CAI), the framework for AI Security
An OSINT tool to search for accounts by username and email in social networks.
Top disclosed reports from HackerOne
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Automatic SSRF fuzzer and exploitation tool
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Tool for Active Directory Certificate Services enumeration and abuse
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
OSINT Tool: Generate username lists for companies on LinkedIn
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Username enumeration and password spraying tool aimed at Microsoft O365.
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
Android security insights in full spectrum.
A simple tool for bypassing file upload restrictions.
A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode
Just another Powerview alternative but on steroids
Windows Remote Administration Tool that uses Discord, Telegram and GitHub as C2s
Find, analyze, and check for exposed IP cameras with open ports, known vulnerabilities, and weak login credentials.
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…