A list of useful payloads and bypass for Web Application Security and Pentest/CTF

💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline

🔎 Hunt down social media accounts by username across social networks

Clone a voice in 5 seconds to generate arbitrary speech in real-time

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

A JavaScript / TypeScript / Python / C# / PHP cryptocurrency trading API with support for more than 100 bitcoin/altcoin exchanges

Recovers passwords from pixelized screenshots

Automated nginx proxy for Docker containers using docker-gen

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🕵️‍♂️ Offensive Google framework.

An API wrapper for Discord written in Python.

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

The Rogue Access Point Framework

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

E-mails, subdomains and names Harvester - OSINT

A little word cloud generator in Python

fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

Fast subdomains enumeration tool for penetration testers

Credentials recovery project

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Scan, index, and archive all of your paper documents

Embrace the APIs of the future. Hug aims to make developing APIs as simple as possible, but no simpler.

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

A Python utility / library to sort imports.

Multi-Cloud Security Auditing Tool

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens