A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⏬ Dumb downloader that scrapes the web

基于Python的开源量化交易平台开发框架

JumpServer is an open-source Privileged Access Management (PAM) platform that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints…

数据结构和算法必知必会的50个代码实现

Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.

Most advanced XSS scanner.

Exploitation Framework for Embedded Devices

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

微信助手：1.每日定时给好友（女友）发送定制消息。2.机器人自动回复好友。3.群助手功能（例如：查询垃圾分类、天气、日历、电影实时票房、快递物流、PM2.5等）

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

OneForAll是一款功能强大的子域收集工具

Come and join us, we need you!

Companion code to my O'Reilly book "Flask Web Development", second edition.

📱 objection - runtime mobile exploration

A powerful and user-friendly binary analysis platform!

安卓应用层抓包通杀脚本

SQL 审核查询平台

An Efficient ProxyPool with Getter, Tester and Server

Reverse engineering and pentesting for Android applications

Scanning APK file for URIs, endpoints & secrets.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

爆破字典

Top disclosed reports from HackerOne

Google CTF

The Leading Security Assessment Framework for Android.

安卓应用安全学习

A python script that finds endpoints in JavaScript files

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。