📚 Freely available programming books

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

ALL IN ONE Hacking Tool For Hackers

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Automatic SQL injection and database takeover tool

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

A book-in-progress about the Linux kernel and its insides.

Experience macOS just like before

Most advanced XSS scanner.

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

The Rogue Access Point Framework

Web path scanner

CTF framework and exploit development library

Exploitation Framework for Embedded Devices

Incredibly fast crawler designed for OSINT.

Modular visual interface for GDB in Python

Fast subdomains enumeration tool for penetration testers

Fuzzy String Matching in Python

A swiss army knife for pentesting networks

📱 objection - runtime mobile exploration

You Know, For WEB Fuzzing !

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

An advanced memory forensics framework

Web application fuzzer

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

📂 🐇 🎩 See what a program does before deciding whether you really want it to happen (NO LONGER MAINTAINED)

A hacky debugger UI for hackers

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

HTTP parameter discovery suite.