Starred repositories
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Automatic SQL injection and database takeover tool
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
E-mails, subdomains and names Harvester - OSINT
Fast subdomains enumeration tool for penetration testers
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
Automated All-in-One OS Command Injection Exploitation Tool.
A collection of custom security tools for quick needs.
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
Tools & Interesting Things for RedTeam Ops
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
An XSS exploitation command-line interface and payload generator.
Python for Offensive PenTest, published by Packt
A Python based ingestor for BloodHound