A list of useful payloads and bypass for Web Application Security and Pentest/CTF

YOLOv5 🚀 in PyTorch > ONNX > CoreML > TFLite

Automatic SQL injection and database takeover tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Impacket is a collection of Python classes for working with network protocols.

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods

E-mails, subdomains and names Harvester - OSINT

Web path scanner

Exploitation Framework for Embedded Devices

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Fast subdomains enumeration tool for penetration testers

Credentials recovery project

A GPT-empowered penetration testing tool

📱 objection - runtime mobile exploration

A list of free LLM inference resources accessible via API.

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Hunt for security weaknesses in Kubernetes clusters

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

The Network Execution Tool

Windows Exploit Suggester - Next Generation

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Tool for Active Directory Certificate Services enumeration and abuse