A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Impacket is a collection of Python classes for working with network protocols.

Exploitation Framework for Embedded Devices

Library for building powerful interactive command line applications in Python

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Make Python great again

PEDA - Python Exploit Development Assistance for GDB

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

Diaphora, the most advanced Free and Open Source program diffing tool.

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

Python Lex-Yacc

A Coverage Explorer for Reverse Engineers

Modern Honey Network

IDA Pro utilities from FLARE team

Corelan Repository for mona.py

A lightweight library that adds job scheduling capabilities to RQ (Redis Queue)

Decrypts and logs a process's SSL traffic.

The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

A DHT in Python using asyncio

Ansible playbook collection that have been written for Ubuntu. Some of the playbooks are Elasticsearch, Mesos, AWS, MySql, Sensu, Nginx etc..

Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py

Turns Snapchat into a datastore that can manage and store your files.

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

Framework for Testing WAFs (FTW!)

A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.