A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🕵️‍♂️ Offensive Google framework.

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

Phishing catcher using Certstream

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.

☁️ Azure summary in bullet points

Online hash checker for Virustotal and other services

A Holistic OSINT and Threat Hunting Platform

USB key cleaner

A GUI and CLI tool for removing bloat from executables

Tool based on CobaltStrikeParser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons

Hunting Newly Registered Domains

an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

PatrowlHears - Vulnerability Intelligence Center / Exploits

A crowdsourced list of undesirable Twitter accounts