Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Impacket is a collection of Python classes for working with network protocols.
Fast subdomains enumeration tool for penetration testers
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
You Know, For WEB Fuzzing ! 日站用的字典。
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
A python script that finds endpoints in JavaScript files
A fast sub domain brute tool for pentesters
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers
Stealing Signatures and Making One Invalid Signature at a Time
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
在线cms识别|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..
A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.