A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

🕵️‍♂️ Offensive Google framework.

Web path scanner

An open source multi-tool for exploring and publishing data

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

HTTP parameter discovery suite.

Requests + Gevent = <3

Automatic SSRF fuzzer and exploitation tool

media downloader and library for various sites.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Mass scan IPs for vulnerable services

A tool to link a domain with registered organisation names and emails, to other domains.

WPScan rewritten in Python + some WPSeku ideas

Web Application Security Scanner

Repository for hosting my research papers

skytrack is a planespotting and aircraft OSINT tool made using Python 🛩🔍

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.

Simply generates a wordpress plugin that will grant you a reverse shell once uploaded. I recommend installing Kali Linux, as msfvenom is used to generate the payload.

These are the regexes that power truffleHog

Weaponizing Live CT logs for automated monitoring of assets

A wordlist that is kept up to date with the latest headlines to provide relevant words to human society