A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🕵️‍♂️ Offensive Google framework.

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

Impacket is a collection of Python classes for working with network protocols.

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Credentials recovery project

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Malicious traffic detection system

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

HTTP parameter discovery suite.

Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Loki - Simple IOC and YARA Scanner

Arsenal is just a quick inventory and launcher for hacking programs

Weaponized web shell

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Dark Web OSINT Tool

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Mimikatz implementation in pure Python

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Watch (parts of) webpages and get notified when something changes via e-mail, on your phone or via other means. Highly configurable.

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

Investigate malicious Windows logon by visualizing and analyzing Windows event log