A list of useful payloads and bypass for Web Application Security and Pentest/CTF

YOLOv5 🚀 in PyTorch > ONNX > CoreML > TFLite

Automatic SQL injection and database takeover tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Impacket is a collection of Python classes for working with network protocols.

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods

E-mails, subdomains and names Harvester - OSINT

Web path scanner

Exploitation Framework for Embedded Devices

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Fast subdomains enumeration tool for penetration testers

Credentials recovery project

A GPT-empowered penetration testing tool

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

📱 objection - runtime mobile exploration

A list of free LLM inference resources accessible via API.

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Hunt for security weaknesses in Kubernetes clusters

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

The Network Execution Tool

Windows Exploit Suggester - Next Generation

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws