Explore 20 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A collection of XSS payloads designed to turn alert(1) into P1
A collection of XSS payloads designed to turn alert(1) into P1
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks