Stars
UNIX-like reverse engineering framework and command-line toolset
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
The SpecterOps project management and reporting engine
OWASP Foundation web repository
Impacket is a collection of Python classes for working with network protocols.
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
Testing TLS/SSL encryption anywhere on any port
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Ghidra is a software reverse engineering (SRE) framework
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
Automated All-in-One OS Command Injection Exploitation Tool.
Pre-Built Vulnerable Environments Based on Docker-Compose
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…
Mallet is an intercepting proxy for arbitrary protocols
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
Full featured multi arch/os debugger built on top of PyQt5 and frida
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Execution Exploit
Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
idb is a tool to simplify some common tasks for iOS pentesting and research