A list of useful payloads and bypass for Web Application Security and Pentest/CTF

windows-kernel-exploits Windows平台提权漏洞集合

Web path scanner

hydra

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Automated pentest framework for offensive security experts

linux-kernel-exploits Linux平台提权漏洞集合

A list of resources for those interested in getting started in bug bounties

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A curated list of awesome infosec courses and training resources.

📱 objection - runtime mobile exploration

Next generation web scanner

Git All the Payloads! A collection of web attack payloads.

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Collection of the cheat sheets useful for pentesting

XSS'OR - Hack with JavaScript.

大型内网渗透扫描器&Cobalt Strike，Ladon7.0内置83个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Automated Phishing Tool & Information Collector

SSRF (Server Side Request Forgery) testing resources

A powerful and useful hacker dictionary builder for a brute-force attack

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

The ultimate WinRM shell for hacking/pentesting

Pop shells like a master.

Collection of quality safety articles

Automatic SSRF fuzzer and exploitation tool

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network