Stars
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Execute commands interactively on remote Windows machines using the WinRM protocol
PHP shells that work on Linux OS, macOS, and Windows OS.
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
A webshell and a normal file that have the same MD5
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
coffeegist / bofhound
Forked from fortalice/bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Accurately Locate Smartphones using Social Engineering
Just another Powerview alternative but on steroids
A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Self contained htaccess shells and attacks
🕷️ An undetectable, powerful, flexible, high-performance Python library to make Web Scraping Easy and Effortless as it should be!
GenZ Shellcode Generator to execute commands with winExec API
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Frida scripts to rewrite mobile applications at runtime to directly MitM all HTTPS traffic
Automatic SSRF fuzzer and exploitation tool
All about bug bounty (bypasses, payloads, etc.)