A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Automatic SQL injection and database takeover tool

Web APIs for Django. 🎸

Ready-to-use OCR with 80+ supported languages and all popular writing scripts including Latin, Chinese, Arabic, Devanagari, Cyrillic and etc.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Automated nginx proxy for Docker containers using docker-gen

Impacket is a collection of Python classes for working with network protocols.

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

PyTorch package for the discrete VAE used for DALL·E.

A powerful and user-friendly binary analysis platform!

CTFs as you need them

Scanning APK file for URIs, endpoints & secrets.

The FLARE team's open-source tool to identify capabilities in executable files.

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Weaponized web shell

A collection of custom security tools for quick needs.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Tool for Active Directory Certificate Services enumeration and abuse

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

DNS Enumeration Script

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Weblogic一键漏洞检测工具，V1.5，更新时间：20200730

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Struts2全漏洞扫描利用工具

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…