Discord webhook plugin for CTFd

Instruction on gaining initial access using mshta.exe

Fuzz 401/403/404 pages for bypasses

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem

Crack MSCHAPv2 challenge/responses quickly using a database of NT hashes

Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.

Linux/Windows post-exploitation framework made by linux user

The EXCLUSIVE Collection of 50,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Active Directory Auditing and Enumeration

Password cracking rules for Hashcat based on statistics and industry patterns

Simple script to extract useful informations from the combo BloodHound + Neo4j

KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

A tool for generating fake code signing certificates or signing real ones

Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.

Burp Suite extension that offers a toolkit for testing GraphQL endpoints.

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Cybersecurity oriented awesome list

Solutions of xchg rax,rax

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization,…

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

Customizable Linux Persistence Tool for Security Research and Detection Engineering.

Self contained htaccess shells and attacks

Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)

数据库自动取样工具 - The tool used to extract the information from databases quickly.