A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
Updated
Jun 10, 2024 - Python
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Automatic SSRF fuzzer and exploitation tool
SSRF (Server Side Request Forgery) testing resources
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to fin…
A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
ODAT: Oracle Database Attacking Tool
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
pentest framework
Add a description, image, and links to the pentest topic page so that developers can more easily learn about it.
To associate your repository with the pentest topic, visit your repo's landing page and select "manage topics."