A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

Trying to tame the three-headed dog.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

Webshell && Backdoor Collection

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

PoC Implementation of a fully dynamic call stack spoofer

A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.

A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.

Generates millions of keyword-based password mutations in seconds.

An XSS exploitation command-line interface and payload generator.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Windows / Linux Local Privilege Escalation Workshop

A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions

Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products

A small and efficent script to send SMS all over the world anonymously

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

An Advanced Tool to Crack Any Password Protected ZIP File With different Techniques. A very Beginner Friendly Script For Newbies.

A collection of utilities for building extensions using Burp's Montoya API

Source Code of MSIL Ransom

📦 de4dot deobfuscator with full support for vanilla ConfuserEx

In-depth attack surface mapping and asset discovery

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities