The recursive internet scanner for hackers. 🧡

Directory/File, DNS and VHost busting tool written in Go

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

🕵️‍♂️ Offensive Google framework.

Fetch information about a public Google document.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Ghidra is a software reverse engineering (SRE) framework

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

The ZAP by Checkmarx Core project

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Dex to Java decompiler

Find, verify, and analyze leaked credentials

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

MCP Server for Ghidra

An OOB interaction gathering server and client library