A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

CTF framework and exploit development library

Come and join us, we need you!

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Study Notes For Web Hacking / Web安全学习笔记

Veil 3.1.X (Check version info in Veil at runtime)

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

A fast sub domain brute tool for pentesters

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.

Redis 4.x/5.x RCE

application server attack toolkit

12306自动抢票软件