A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Find leaked secrets via github search

declutters url lists for crawling/pentesting

Check your WAF before an attacker does

Burp Plugin to Bypass WAFs through the insertion of Junk Data

A Python library for scraping the Google search engine.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Drupal enumeration & exploitation tool

Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)

RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.

Challenge handouts, source code, and solutions for UofTCTF 2026

Exploit for ToolShell