Starred repositories
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…
RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.
Username tools for penetration testing
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Automated All-in-One OS Command Injection Exploitation Tool.
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A cheat sheet that contains advanced queries for SQL Injection of all types.
Basics on commands/tools/info on how to assess the security of mobile applications
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Fetch all the URLs that the Wayback Machine knows about for a domain
Fast subdomains enumeration tool for penetration testers
E-mails, subdomains and names Harvester - OSINT
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…
A collection of custom security tools for quick needs.