A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Most advanced XSS scanner.

The Rogue Access Point Framework

E-mails, subdomains and names Harvester - OSINT

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Incredibly fast crawler designed for OSINT.

Fast subdomains enumeration tool for penetration testers

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

A powerful and user-friendly binary analysis platform!

open-source jailbreaking tool for many iOS devices

🔥 Web-application firewalls (WAFs) from security standpoint.

Web application fuzzer

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Reverse engineering and pentesting for Android applications

Scalable fuzzing infrastructure.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Automated Mass Exploiter

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Automated All-in-One OS Command Injection Exploitation Tool.

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

The Leading Security Assessment Framework for Android.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Framework for Man-In-The-Middle attacks

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.