A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Updated Jan 21, 2026 - Python
Open-source AI agents for penetration testing
Web path scanner
Osintgram is an OSINT tool for Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by its nickname
Automated Penetration Testing Agentic Framework Powered by Large Language Models
Infection Monkey - An open-source adversary emulation platform
Open Source Vulnerability Management Platform
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Study Notes For Web Hacking / Web Security Study Notes
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Knock Subdomain Scan
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Awesome hacking is an awesome collection of hacking tools.
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
Automated NoSQL database enumeration and web application exploitation tool.
Fully featured and community-driven hacking environment
Low bandwidth DoS tool. Slowloris rewrite in Python.
Automated Security Testing For REST APIs