A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Interact with your documents using the power of GPT, 100% privately, no data leaks

ALL IN ONE Hacking Tool For Hackers

The Rogue Access Point Framework

Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or exte…

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

CLI tool and python library that converts the output of popular command-line tools, file-types, and common strings to JSON, YAML, or Dictionaries. This allows piping of output to tools like jq and …

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

HTTP parameter discovery suite.

The FLARE team's open-source tool to identify capabilities in executable files.

Colored logcat script which only shows log entries for a specific application package.

🖥️📱🔔 A utility for sending notifications, on demand and when commands finish.

Fast and powerful SSL/TLS scanning library.

A collection of custom security tools for quick needs.

Hash collisions and exploitations

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Tool for Active Directory Certificate Services enumeration and abuse

💣 Impulse Denial-of-service ToolKit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Extract credentials from lsass remotely

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

Notes about attacking Jenkins servers

A tool to dump a git repository from a website