A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Transforms complex documents like PDFs into LLM-ready markdown/JSON for your Agentic workflows.

Distributed Task Queue (development branch)

Python ProxyPool for web spider

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Impacket is a collection of Python classes for working with network protocols.

带带弟弟 通用验证码识别OCR pypi版

Fast subdomains enumeration tool for penetration testers

OneForAll是一款功能强大的子域收集工具

Collection of Open Source Projects Related to GPT，GPT相关开源项目合集🚀、精选🔥🔥

Study Notes For Web Hacking / Web安全学习笔记

A fast and reliable background task processing library for Python 3.

WeRoBot 是一个微信公众号开发框架

一个攻防知识库。A knowledge base for red teaming and offensive security.

A fast sub domain brute tool for pentesters

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Source Code Security Audit (源代码安全审计)

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

efinance 是一个可以快速获取基金、股票、债券、期货数据的 Python 库，回测以及量化交易的好帮手！🚀🚀🚀

超星学习通/超星尔雅/泛雅超星全自动无人值守完成任务点

A.I.G (AI-Infra-Guard) is a comprehensive, intelligent, and easy-to-use AI Red Teaming platform developed by Tencent Zhuque Lab.

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

Stealing Signatures and Making One Invalid Signature at a Time

收集的文章 https://mrwq.github.io/tools/paper/

WEB安全手册(红队安全技能栈)，漏洞理解，漏洞利用，代码审计和渗透测试总结。【持续更新】

A cloudflare verification bypass script for webscraping

微信小程序辅助渗透-自动化

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize