A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

E-mails, subdomains and names Harvester - OSINT

Most advanced XSS scanner.

Web path scanner

Incredibly fast crawler designed for OSINT.

Fast subdomains enumeration tool for penetration testers

Multi-Cloud Security Auditing Tool

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Dark Web OSINT Tool

A DNS meta-query spider that enumerates DNS records, and subdomains.

Find leaked secrets via github search

The official Python library for Shodan

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…

Hi, I'm a library for interacting with GItHub's REST API in a convenient and ergonomic way. I work on Python 3.6+.

Scanning pastebin with yara rules

Find info about user by phone number using GetContact API

HackerOne "in scope" domains

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure …

ICMP Reverse Shell written in Python 3 and with Scapy (backdoor/rev shell)

GANG-Nuker, This Discord Nuker/Raider has 32+ AMAZING Options! Its ALWAYS up to date with discord and making sure its 100% SAFE for my customers! GANG-Nuker is one of the BEST tools on whole of dis…

Js File Scanner

Command line tool for testing CRLF injection on a list of domains.

Webmin <=1.984, CVE-2022-0824 Post-Auth Reverse Shell PoC

StalkPhish-OSS - The Phishing kits stalker, harvesting phishing kits for investigations.

An Amazon OSINT scraper for potential scam accounts

Discord Token Grabber

MCP wrapper for Hashcat – automate hash cracking with natural language