A list of useful payloads and bypass for Web Application Security and Pentest/CTF
ALL IN ONE Hacking Tool For Hackers
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and hashes ⚡
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Web path scanner
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
The recursive internet scanner for hackers. 🧡
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Automated Adversary Emulation Platform
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Study Notes For Web Hacking / Web安全学习笔记
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
The Network Execution Tool
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Dark Web OSINT Tool