A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Open Source Vulnerability Management Platform

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Automatic SSRF fuzzer and exploitation tool

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

Open source vulnerability DB and triage service.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Create actionable data from your Vulnerability Scans

Penetration Testing Platform

Quark Agent - Your AI-powered Android APK Analyst

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

IoT固件漏洞复现环境

Vulnerability Labs for security analysis

Steal Net-NTLM Hash using Bad-PDF

hack tools

The Correlated CVE Vulnerability And Threat Intelligence Database API

The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

Burp Suite Certified Practitioner Exam Study