A list of useful payloads and bypass for Web Application Security and Pentest/CTF

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Automated pentest framework for offensive security experts

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Collaborative Penetration Test and Vulnerability Management Platform

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

A collection of JavaScript engine CVEs with PoCs

Advanced vulnerability scanning with Nmap NSE

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Tutorials and Things to Do while Hunting Vulnerability.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Potentially dangerous files

Automatic SSRF fuzzer and exploitation tool

Reverse Shell as a Service

Penetration tests guide based on OWASP including test cases, resources and examples.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Penetration Testing Platform

Create actionable data from your Vulnerability Scans

Vulnerability Labs for security analysis

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

SQL Vulnerability Scanner

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

The Correlated CVE Vulnerability And Threat Intelligence Database API

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Steal Net-NTLM Hash using Bad-PDF

ES File Explorer Open Port Vulnerability - CVE-2019-6447