A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

E-mails, subdomains and names Harvester - OSINT

Web path scanner

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

fsociety Hacking Tools Pack – A Penetration Testing Framework

An open-source post-exploitation framework for students, researchers and developers.

(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.

Infection Monkey - An open-source adversary emulation platform

Web application fuzzer

Open Source Vulnerability Management Platform

Ultimate Python study guide 🐍 🐍 🐍

Study Notes For Web Hacking / Web安全学习笔记

Snoop — инструмент разведки на основе открытых данных (OSINT world)

All In One Web Recon

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Know the dangers of credential reuse attacks.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

A Modular Penetration Testing Framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Metadata harvester

Shodan Eye This tool collects all the information about all devices directly connected to the internet using the specified keywords that you enter. Author: Jolanda de Koff

wide range mass audit toolkit

An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)

Dorks Eye Google Hacking Dork Scraping and Searching Script. Dorks Eye is a script I made in python 3. With this tool, you can easily find Google Dorks. Dork Eye collects potentially vulnerable web…

IP obfuscator made to make a malicious ip a bit cuter