A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Set up a personal VPN in the cloud

A cross-platform command-line utility that creates projects from cookiecutters (project templates), e.g. Python package projects, C projects.

Google Chromium, sans integration with Google

Turn (almost) any Python command line program into a full GUI application with one line

Bringing Old Photo Back to Life (CVPR 2020 oral)

Impacket is a collection of Python classes for working with network protocols.

Most advanced XSS scanner.

CTF framework and exploit development library

Deduplicating archiver with compression and authenticated encryption.

An interactive command-line HTTP and API testing client built on top of HTTPie featuring autocomplete, syntax highlighting, and more. https://twitter.com/httpie

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

A supercharged Git/GitHub command line interface (CLI). An official integration for GitHub and GitHub Enterprise: https://github.com/works-with/category/desktop-tools

Typefaces for source code beautification

StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 16…

Neural style in TensorFlow! 🎨

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

[NO LONGER MAINTAINED] Command-line utility for auto-generating subtitles for any video file

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Mimikatz implementation in pure Python

UAC bypass, Elevate, Persistence methods

Bitcoin arbitrage - opportunity detector

Stealing Signatures and Making One Invalid Signature at a Time

Neural Artistic Style in Python

Just a Bunch Of Plex Scripts

pwning IPv4 via IPv6

A Python stream processing engine modeled after Yahoo! Pipes