A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Open Source Vulnerability Management Platform

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Automatic SSRF fuzzer and exploitation tool

Open source vulnerability DB and triage service.

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Quark Agent - Your AI-powered Android APK Analyst

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Create actionable data from your Vulnerability Scans

Penetration Testing Platform

IoT固件漏洞复现环境

Burp Suite Certified Practitioner Exam Study

Vulnerability Labs for security analysis

secator - the pentester's swiss knife

hack tools

Steal Net-NTLM Hash using Bad-PDF

60k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒