Rockyou for web fuzzing

A cat(1) clone with wings.

Framework for Automating Fuzzable Target Discovery with Static Analysis.

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus

Laravel RCE exploit. CVE-2018-15133

PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Collection of Facebook Bug Bounty Writeups

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

How to exploit a double free vulnerability in 2021. Use After Free for Dummies

Documentation for The Psalms - my blog about software’s intersection with culture. Not just for the website - for the entire process (correspondence, notetaking, drafting, *revising*, editorializin…

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Network utility for sending / receiving TCP, UDP, SSL, HTTP

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

The fastest dork scanner written in Go.

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

Managed code hooking template.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

PHP Static Analysis Tool - discover bugs in your code without running it!

🤖 The Modern Port Scanner 🤖

Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

xray社区高级版证书生成，仅供学习研究，正常使用请支持正版。removed due to Chaitin requirements & support to version 1.4.4 & learning purpose

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

IntelOwl: manage your Threat Intelligence at scale