A list of useful payloads and bypass for Web Application Security and Pentest/CTF

In-depth Attack Surface Mapping and Asset Discovery

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

A high performance offensive security tool for reconnaissance and vulnerability scanning

Monitor linux processes without root permissions

In-depth Attack Surface Mapping and Asset Discovery

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Automated NoSQL database enumeration and web application exploitation tool.

The Offensive Manual Web Application Penetration Testing Framework.

Simple, extensible and powerful enumeration implementation for Laravel.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Security Tool to Look For Interesting Files in S3 Buckets

无状态子域名爆破工具

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

🆕 The Multi-Tool Web Vulnerability Scanner.

Multi Tool Subdomain Enumeration

kernel privilege escalation enumeration and exploitation framework

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Notes for taking the OSCP in 2097. Read in book form on GitBook

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Simple and fast implementation of enumerations with native PHP

High performance LINQ implementation with minimal heap allocations. Supports enumerables, async enumerables, arrays and Span<T>.

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

Python 3.5+ DNS asynchronous brute force utility

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.