A list of useful payloads and bypass for Web Application Security and Pentest/CTF

ALL IN ONE Hacking Tool For Hackers

gpt-oss-120b and gpt-oss-20b are two open-weight language models by OpenAI

Top disclosed reports from HackerOne

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

IDA plugin which queries language models to speed up reverse-engineering

CTF challenge (mostly pwn) files, scripts etc

Offensive Software Exploitation Course

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-wor…

Local File Inclusion discovery and exploitation tool

AI tool to deobfuscate and find any potential vulnerabilities in android apps.

Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.

A research project to add some brrrrrr to Burp

Generate Frida bypass scripts for Android APK root and SSL checks.

Top disclosed reports from HackerOne

Writeups of challenges and CTFs I participated in

A collection of useful resources for hacking WordPress and it's plugins and themes

SSLPinDetect is a tool for analyzing Android APKs to detect SSL pinning implementations by scanning for known patterns in decompiled code. It helps security researchers and penetration testers iden…

CLI tool that fetches resolved & disclosed HackerOne reports by vulnerability and exports them to CSV.

Advanced Security Analysis for Burp Suite

tool used to fetch&scan js files for secrets. with waybackmachine+crawling.