Stars
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
lgandx / Responder
Forked from SpiderLabs/ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability
Extract URLs, paths, secrets, and other interesting bits from JavaScript
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Deserialization payload generator for a variety of .NET formatters
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Ghidra is a software reverse engineering (SRE) framework
A little tool to play with Windows security
Impacket is a collection of Python classes for working with network protocols.
Six Degrees of Domain Admin
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
A next-generation crawling and spidering framework.
All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
The new bridge between Burp Suite and Frida!
Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Accept URLs on stdin, replace all query string values with a user-supplied value
🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
A tool for reverse engineering Android apk files