A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

OneForAll是一款功能强大的子域收集工具

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Windows Exploit Suggester - Next Generation

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

Knock Subdomain Scan

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Privilege Escalation Project - Windows / Linux / Mac

Stealing Signatures and Making One Invalid Signature at a Time

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

trzsz is a simple file transfer tools, similar to lrzsz ( rz / sz ), and compatible with tmux.

动态多线程敏感信息泄露检测工具

Enumeration sub domains(枚举子域名)

漏洞批量验证框架

免杀webshell生成工具

Standalone binaries for Linux/Windows of Impacket's examples

🍪 Flask Session Cookie Decoder/Encoder

weblogic 漏洞扫描工具

渗透 超全面的渗透资料💯 包含：0day，xss，sql注入，提权……

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible…

Generate config for Mac Surge to use SSR & V2RAY