A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

视频硬字幕提取，生成srt文件。无需申请第三方API，本地实现文本识别。基于深度学习的视频字幕提取框架，包含字幕区域检测、字幕内容提取。A GUI tool for extracting hard-coded subtitle (hardsub) from videos and generating srt files.

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Stealing Signatures and Making One Invalid Signature at a Time

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

大宝剑-边界资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

Python / C# Unmanaged PowerShell based RAT

Open source pre-operation C2 server based on python and powershell

Scanner for CVE-2020-0796 - SMBv3 RCE

THorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.