A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The world's simplest facial recognition api for Python and the command line

We have made you a wrapper you can't refuse

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Impacket is a collection of Python classes for working with network protocols.

A fast TCP/UDP tunnel over HTTP

Six Degrees of Domain Admin

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

DEPRECATED; see https://github.com/boot2docker/boot2docker/pull/1408

A swiss army knife for pentesting networks

An advanced memory forensics framework

Docker official jenkins repo

A list of interesting payloads, tips and tricks for bug bounty hunters.

Open Cyber Threat Intelligence Platform

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Collection of Cyber Threat Intelligence sources from the deep and dark web

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

A repository with 3 tools for pwn'ing websites with .git repositories available

DevSecOps, ASPM, Vulnerability Management. All on one platform.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Weaponized web shell

Deserialization payload generator for a variety of .NET formatters

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

PyInstaller Extractor

A tool to perform Kerberos pre-auth bruteforcing

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Tool for Active Directory Certificate Services enumeration and abuse

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

WebSocket cat

Writeups for HacktheBox 'boot2root' machines