A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

Web path scanner

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Automated Mass Exploiter

Hunt for security weaknesses in Kubernetes clusters

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

File upload vulnerability scanner and exploitation tool.

Investigate malicious Windows logon by visualizing and analyzing Windows event log

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

pwning IPv4 via IPv6

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Bloodhound Reporting for Blue and Purple Teams

A framework for wireless pentesting.

Builds malware analysis Windows VMs so that you don't have to.

HomePwn - Swiss Army Knife for Pentesting of IoT Devices

An archive of low-level CTF challenges developed over the years

Automated Payload Reverse Engineering Pipeline for the Controller Area Network (CAN) protocol

Python API wrapper and command-line client for the tools hosted on spyse.com.

Tools for BugHunting

penetration testing scripts