A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

An easy and fast way to create a Python GUI 🐍

OneForAll是一款功能强大的子域收集工具

A swiss army knife for pentesting networks

📱 objection - runtime mobile exploration

You Know, For WEB Fuzzing !

The most powerful Android RPA agent framework, next generation of mobile automation robots.

本项目集成了全网优秀的攻防武器工具项目，包含自动化利用，子域名、目录扫描、端口扫描等信息收集工具，各大中间件、cms、OA漏洞利用工具，爆破工具、内网横向、免杀、社工钓鱼以及应急响应、甲方安全资料等其他安全攻防资料。

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Scanning APK file for URIs, endpoints & secrets.

Top disclosed reports from HackerOne

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.

一个攻防知识库。A knowledge base for red teaming and offensive security.

Symbolic execution tool

Arsenal is just a quick inventory and launcher for hacking programs

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Automatic SSRF fuzzer and exploitation tool

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

渗透测试报告/资料文档/渗透经验文档/安全书籍

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

各种漏洞poc、Exp的收集或编写

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

Open source vulnerability DB and triage service.

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中