Web
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.
Command-line tool to fetch, decode and brute-force CodeIgniter session cookies by guessing and brute-forcing secret keys.
Awesome list of step-by-step techniques to achieve Remote Code Execution on various apps!
A Python script to check if URLs are allowed or disallowed by a robots.txt file.
A webshell plugin and interactive shell for pentesting a WordPress website.
CVE-2022-30780 - lighttpd remote denial of service
A webshell plugin and interactive shell for pentesting a SweetRice website.
Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.
A webshell plugin and interactive shell for pentesting a LimeSurvey application.
A webshell plugin and interactive shell for pentesting a Joomla website.
A webshell plugin and interactive shell for pentesting a Moodle instance.
This Python script can be used to bypass IP source restrictions using HTTP headers.
A webshell plugin and interactive shell for pentesting JoGet application.
A webshell application and interactive shell for pentesting Apache Tomcat servers.
A collection of Python HTTP fuzzing scripts to fuzz HTTP servers for bugs.
A Python script to extract the serial number of a remote Fortinet device.
A Python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local SQLite database file.
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
A script to exploit CVE-2020-14144 - Gitea authenticated Remote Code Execution using git hooks
This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
A Python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
A simple Python script to dump remote files through a local file read or local file inclusion web vulnerability.
MailMasta WordPress plugin Local File Inclusion vulnerability (CVE-2016-10956)
Python script to check if there are any differences in the responses of an application when the request comes from a search engine's crawler.
A script to automatically dump all URLs present in /server-status to a file locally.
A Python script to scan for Apache Tomcat server vulnerabilities.
Abuse the Node.js inspector mechanism in order to force any Node.js/Electron/V8 based process to execute arbitrary JavaScript code.
A complete table of results of type comparisons in multiple languages