A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Awesome XSS stuff

Git All the Payloads! A collection of web attack payloads.

The LAZY script will make your life easier, and of course faster.

Python Remote Administration Tool (RAT)

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Penetration tests guide based on OWASP including test cases, resources and examples.

🔥 CHAOS is a PoC that allow generate payloads and control remote operating systems.

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Python antivirus evasion tool

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

MSFvenom Payload Creator (MSFPC)

A collection of various GitHub gists for hackers, pentesters and security researchers

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

HERCULES is a special payload generator that can bypass antivirus softwares.

🎯 Command Injection Payload List

A framework for Backdoor development!

Reflective PE packer.

Cloak can backdoor any python script with some tricks.

🐈Medusa是一个漏洞扫描、漏洞利用、子域名探测、C段扫描、资产发现、敏感信息检测等功能一体化平台。目前收录漏洞200+ http://medusa.ascotbe.com

transform your payload.exe into one fake word doc (.ppt)

🎯 SQL Injection Payload List

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

This repository contains full code examples from the book Gray Hat C#

MS17-010: Python and Meterpreter

This repository contains payload to test NoSQL Injections

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.