Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)

📦 Make security testing of K8s, Docker, and Containerd easier.

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

Electro-XSS , a buggy desktop app developed with the Electron framework.

A wrapper around grep, to help you grep for things

declutters url lists for crawling/pentesting

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Challenge handouts, source code, and solutions for UofTCTF 2026

PDF Files for Pentesting

Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

A Python library for scraping the Google search engine.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Drupal enumeration & exploitation tool

RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.

Potentially dangerous files

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

eicar standard antivirus test files

A wordlist of API names for web application assessments

Exploit for ToolShell

Collection of Cyber Threat Intelligence sources from the deep and dark web

POC

Deserialization payload generator for a variety of .NET formatters

Vietnamese wordlists - Most common vietnamese password collection

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …