A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automatic SQL injection and database takeover tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

🕵️‍♂️ Offensive Google framework.

Most advanced XSS scanner.

Web path scanner

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

A swiss army knife for pentesting networks

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

HTTP parameter discovery suite.

Scanning APK file for URIs, endpoints & secrets.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

IntelOwl: manage your Threat Intelligence at scale

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

A collection of custom security tools for quick needs.

Lazy Predict help build a lot of basic models without much code and helps understand which models works better without any parameter tuning

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Striker is an offensive information and vulnerability scanner.

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nln…

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

CORS Misconfiguration Scanner

Docker security analysis & hacking tools

An XSS exploitation command-line interface and payload generator.

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

A fuzzer for detecting open redirect vulnerabilities

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

JShell - Get a JavaScript shell with XSS.

Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound