Stars
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Hunt down social media accounts by username across social networks
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Open-source AI hackers to find and fix your app’s vulnerabilities.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
E-mails, subdomains and names Harvester - OSINT
Impacket is a collection of Python classes for working with network protocols.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and macOS. Supports DNS tunneling.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
Automated Penetration Testing Agentic Framework Powered by Large Language Models
Library for building powerful interactive command line applications in Python
A swiss army knife for pentesting networks
📱 objection - runtime mobile exploration
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Scanning APK file for URIs, endpoints & secrets.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Our main goal is to share tips from some well-known bug hunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wis…
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

