A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

You like pytorch? You like micrograd? You love tinygrad! ❤️

Cross-platform, fast, feature-rich, GPU based terminal

Typer, build great CLIs. Easy to code. Based on Python type hints.

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

A hyperparameter optimization framework

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

HTTP parameter discovery suite.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

IntelOwl: manage your Threat Intelligence at scale

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

💉 Stuff which works in Chrome and maybe Acrobat and Foxit.

Run PowerShell command without invoking powershell.exe

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Heuristic Vulnerable Parameter Scanner

OS Fingerprint Obfuscation for modern Linux Kernels