A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Automatic SQL injection and database takeover tool

The Rogue Access Point Framework

Web path scanner

Incredibly fast crawler designed for OSINT.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

HTTP parameter discovery suite.

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

Subdomain enumeration and information gathering tool

A PoC backdoor that uses Gmail as a C&C server

massive SQL injection vulnerability scanner

Cloak can backdoor any python script with some tricks.

port of mimipenguin.sh in python with some additional protection features

some python3 functions to add spreading features to any python backdoor

Python virus that will make your pc paralyzed once it opened :D