SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

This is a webshell open source project

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Single-file PHP shell

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspber…

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Hashtopolis - distributed password cracking with Hashcat

An Alert Management Web Application

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Exploitation for XSS

Advanced Web Shell

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

Simple spam prevention package for Laravel applications

Simple php reverse shell implemented using binary .

CMS auto detect and exploit.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

All my Hacking|Pentesting Notes

PowerShell Empire Web Interface

Toolkit to detect and keep track on Blind XSS, XXE & SSRF

Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.

Bucky (An automatic S3 bucket discovery tool)

Open Source Network Forensic Analysis Tool (NFAT)

B4TM4N ~ PHP WEBSHELL

Active Directory permissions (ACL/ACE) auditing tools

Visualize statistics from a Kippo SSH honeypot

Bug7sec Team - ransomware open source (web)

An app that prevents uploading files that have names that are linked to known ransomware

A Python and ruby script to automate rogue AP process

Honeypot type for Symfony forms