A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Most advanced XSS scanner.

🕷️ An undetectable, powerful, flexible, high-performance Python library to make Web Scraping Easy and Effortless as it should be!

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Automatic SSRF fuzzer and exploitation tool

Tool for Active Directory Certificate Services enumeration and abuse

Just another Powerview alternative but on steroids

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

Execute commands interactively on remote Windows machines using the WinRM protocol

GenZ Shellcode Generator to execute commands with winExec API