A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Automatic SQL injection and database takeover tool

JumpServer is an open-source Privileged Access Management (PAM) platform that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints…

E-mails, subdomains and names Harvester - OSINT

Impacket is a collection of Python classes for working with network protocols.

微信机器人 / 可能是最优雅的微信个人号 API ✨✨

Web path scanner

Exploitation Framework for Embedded Devices

Fast subdomains enumeration tool for penetration testers

Credentials recovery project

网易云音乐命令行版本

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Nginx configuration static analyzer

You Know, For WEB Fuzzing !

Malicious traffic detection system

安卓应用层抓包通杀脚本

CTFs as you need them

基于搜狗微信搜索的微信公众号爬虫接口

Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Automated All-in-One OS Command Injection Exploitation Tool

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Using the jedi autocompletion library for VIM.

爆破字典

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

⚡ A distributed crawler for weibo, building with celery and requests.

查看被删的微信好友

A frida tool to dump dex in memory to support security engineers analyzing malware.

The Leading Security Assessment Framework for Android.