A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Python micro framework for building web applications.

A simple, yet elegant, HTTP library.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

The uncompromising Python code formatter

Automatic SQL injection and database takeover tool

Pythonic HTML Parsing for Humans™

Web path scanner

An ASGI web server, for Python. 🦄

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Companion code to my O'Reilly book "Flask Web Development", second edition.

A library that allows you to easily mock out tests based on AWS infrastructure.

Python process launching

The comprehensive WSGI web application library.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Scanning APK file for URIs, endpoints & secrets.

Library for building WebSocket servers and clients in Python

Socket.IO integration for Flask applications.

A fast and reliable background task processing library for Python 3.

Pretty good call graphs for dynamic languages

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

Flask user session management.

Framework for Man-In-The-Middle attacks

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

Datetimes for Humans™

Extensible memoizing collections and decorators

Asynchronous Python HTTP Requests for Humans using Futures

Intercept HTTP requests at the Python socket level. Fakes the whole socket module

Deep Learning model to analyze a large corpus of clear text passwords.