Prototype Pollution and useful Script Gadgets

List of XSS Vectors/Payloads

Basic Electron Exploitation

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Add Clippy or his friends to any website for instant nostalgia.

Turn any dynamic website (especially wordpress) into a fast, secure, stable static site

Android virtual machine and deobfuscator

BeEF-inspired XSS proxy service

Proxy Helper is a WiFi Pineapple module that will automatically configure the Pineapple for use with a proxy such as Burp Suite.

An open source intelligence tool to crawl the graph of certificate Alternate Names

Create a TCP circuit through validly formed HTTP requests

Webshell && Backdoor Collection

A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.

💩 Colour ASCII Art Library

SMBMap is a handy SMB enumeration tool

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Tomcat-Ajp协议文件读取漏洞

Testing TLS/SSL encryption anywhere on any port

onedrive user enumeration - pentest tool to enumerate valid o365 users

Scans Slack for API tokens, credentials, passwords, and more using YARA rules

One rule to crack all passwords. or atleast we hope so.

Below are some simple methods for exiting vim.

RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

A scalable overlay networking tool with a focus on performance, simplicity and security

Minimalist Asterisk Caller ID Spoofer and Secondary VOIP Line Configuration Built for AWS

(extensible) Data Exfiltration Toolkit (DET)

Sleepy Puppy XSS Payload Management Framework