A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An interactive, tag-based, wiki-like, personal note-taking system

Client side accessibility error scanner.

Docker + Minecraft = Dockercraft

[Deprecated] Little bites of Material Design

OLD VERSION 1.3 of reddit is fun -- Android app to interact with reddit.com

Python utility to search Google from the Linux command line

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Current development of SSLyze now takes place on a separate repository

📚 Freely available programming books

Modified version of the passing-the-hash tool collection made to work straight out of the box

Dshell is a network forensic analysis framework.

Easy automated vulnerability scanning, reporting and analysis

A utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).

Reconnaissance tool for GitHub organizations

Network Infrastructure Penetration Testing Tool

Safely store secrets in Git/Mercurial/Subversion

Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret

Web Application Honeypot

Linux Exploit Suggester; based on operating system release number

Extra OP adapters

A JBoss script for obtaining remote shell access

Minecraft BigReactor Computercraft Control Program

Crypto 101, the introductory book on cryptography.

XSS spider - 66/66 wavsep XSS detected

HECTOR

A kernel driver to practice writing exploits against, as well as some example exploits using public techniques.

An on-path blackbox network traffic security testing tool

The Original Javascript Error Steamroller