A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

E-mails, subdomains and names Harvester - OSINT

Web path scanner

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Snoop — инструмент разведки на основе открытых данных (OSINT world)

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Projects for security students

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to fin…

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

记录自己编写、修改的部分工具

Bloodhound Reporting for Blue and Purple Teams

Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

An offensive/defense security toolset for discovery, recon and ethical assessment of AI Agents

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.