shelld3v

Python-shell-cheat-sheet

Full python reverse shell and bind shell payloads

wsshell

WebSocket shell

CVE-2019-11580

A CVE-2019-11580 shell

fnmap

Flash Nmap, a script to super-boost Nmap - written in Python

CVE-2012-2688

A CVE-2012-2688 shell

C-reverse-shell

C Reverse Shell

shellpy

Remote shell tool for both Windows and Unix

intbleed

Integer overflow vulnerability exploitation tool

robologin-dev

Web username & password bruteforcer

Werkzeug-Shell

Exploitation for CVE-126453 to get reverse shell from "Werkzeug Debug Shell"

altdns

Generates permutations, alterations and mutations of subdomains and then resolves them

Blacklist3r

project-blacklist3r

Corsy

CORS Misconfiguration Scanner

dirstalk

Modern alternative to dirbuster/dirb

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

ffuf

Fast web fuzzer written in Go

fuzz.txt

Potentially dangerous files

Konan

Konan - Advanced Web Application Dir Scanner

leaky-paths

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

OpenDoor

OWASP WEB Directory Scanner

param-miner

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

PySocks

A SOCKS proxy client and wrapper for Python.

requests

A simple, yet elegant HTTP library.

RustScan

🤖 The Modern Port Scanner 🤖

subfinder

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Sublist3r

Fast subdomains enumeration tool for penetration testers

urllib3

Python HTTP library with thread-safe connection pooling, file post support, user friendly, and more.

wfuzz

Web application fuzzer

xsscrapy

XSS spider - 66/66 wavsep XSS detected