Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

🎯 Command Injection Payload List

Automatic SSRF fuzzer and exploitation tool

Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

My Python Examples

List of awesome reverse engineering resources

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security,…

Crawlee—A web scraping and browser automation library for Python to build reliable crawlers. Extract data for AI, LLMs, RAG, or GPTs. Download HTML, PDF, JPG, PNG, and other files from websites. Wo…

🔬Collection of malware, ransomware, RATs, botnets, stealers, etc.

Clone of svn repository of http://insecurety.net/projects/web-malware/ project

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

A list of interesting payloads, tips and tricks for bug bounty hunters.

A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.

Pwn stuff.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

🎯 XML External Entity (XXE) Injection Payload List

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

fsociety Hacking Tools Pack – A Penetration Testing Framework

🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.

An opinionated list of awesome Python frameworks, libraries, software and resources.

XSS payloads designed to turn alert(1) into P1

Webshell && Backdoor Collection

Automatically exported from code.google.com/p/domxsswiki

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

💻⚠️ A curated collection of awesome malware, botnets, and other post-exploitation tools.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor