A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Open Source Vulnerability Management Platform

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Automatic SSRF fuzzer and exploitation tool

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Open source vulnerability DB and triage service.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Create actionable data from your Vulnerability Scans

Penetration Testing Platform

Dig Vulnerabilities in the BlackBox

Vulnerability Labs for security analysis

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

IoT固件漏洞复现环境

Steal Net-NTLM Hash using Bad-PDF

hack tools

The Correlated CVE Vulnerability And Threat Intelligence Database API

Burp Suite Certified Practitioner Exam Study

漏洞批量验证框架