A list of useful payloads and bypass for Web Application Security and Pentest/CTF

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

Automated pentest framework for offensive security experts

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Collaborative Penetration Test and Vulnerability Management Platform

A collection of JavaScript engine CVEs with PoCs

Advanced vulnerability scanning with Nmap NSE

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Potentially dangerous files

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Reverse Shell as a Service

Automatic SSRF fuzzer and exploitation tool

Penetration tests guide based on OWASP including test cases, resources and examples.

Create actionable data from your Vulnerability Scans

Penetration Testing Platform

Vulnerability Labs for security analysis

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

SQL Vulnerability Scanner

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

The Correlated CVE Vulnerability And Threat Intelligence Database API

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Steal Net-NTLM Hash using Bad-PDF

ES File Explorer Open Port Vulnerability - CVE-2019-6447

A DNS rebinding attack framework.

OPCDE Cybersecurity Conference Materials