A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Low code web framework for real world applications, in Python and Javascript

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Anyway you want.

The Rogue Access Point Framework

CTFs as you need them

AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

Main Sigma Rule Repository

Web path scanner

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

Exploitation Framework for Embedded Devices

Set up a personal VPN in the cloud

Scapy: the Python-based interactive packet manipulation program & library.

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Daemon to ban hosts that cause multiple authentication errors

The authentication glue you need.

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

w3af: web application attack and audit framework, the open source web vulnerability scanner.