awesome-ctf-cheatsheet by uppusaikiran

CTF Cheatsheet

created at Feb. 11, 2020, 5:14 p.m.

1 +0

19 +0

2 +0

slurp by hehnope

this can't keep happening

created at April 7, 2019, 12:30 a.m.

1 +0

2 +0

0 +0

charsetinspect by hack-all-the-things

A script that inspects multi-byte character sets looking for characters with specific user-defined properties

created at June 23, 2016, 3:09 p.m.

3 +0

25 +0

7 +0

ntlm_challenger by b17zr

Parse NTLM challenge messages over HTTP and SMB

created at Nov. 4, 2019, 10:27 p.m.

4 +0

141 +0

25 +0

Dockerfiles by espi0n

None

created at Sept. 26, 2017, 3:54 p.m.

5 +0

37 -1

3 +0

XSS.png by LucaBongiorni

A XSS mind map ;)

created at Jan. 16, 2016, 7:47 a.m.

5 +0

57 +0

143 +0

pwngitmanager by allyshka

Git manager for pentesters

created at Feb. 25, 2016, 6:14 a.m.

6 +0

106 +0

22 +0

cefdebug by taviso

Minimal code to connect to a CEF debugger.

created at Oct. 3, 2019, 2:09 p.m.

7 +0

190 +0

19 +0

VWGen by qazbnm456

Vulnerable Web applications Generator

created at April 12, 2016, 4:06 p.m.

7 +0

84 +0

18 +0

GSDF by We5ter

A domain searcher named GoogleSSLdomainFinder - 基于谷歌SSL透明证书的子域名查询工具

created at Dec. 19, 2016, 4:58 p.m.

7 +0

174 +0

57 +0

Reverse-Shell-Manager by WangYihang

A multiple reverse shell session/client manager via terminal

created at Oct. 23, 2017, 1:41 a.m.

8 +0

234 +0

66 +0

IPObfuscator by OsandaMalith

A simple tool to convert the IP to a DWORD IP

created at April 30, 2016, 11:32 p.m.

9 +0

134 +0

46 +0

bXSS by LewisArdern

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

created at Dec. 13, 2017, 11:49 p.m.

14 +0

483 +1

69 +0

dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

created at July 15, 2019, 8:13 p.m.

14 +0

582 +0

104 +0

cssInjection by dxa4481

Stealing CSRF tokens with CSS injection (without iFrames)

created at Feb. 4, 2018, 4:09 a.m.

15 +0

313 -1

53 +0

DVCS-Pillage by evilpacket

Pillage web accessible GIT, HG and BZR repositories

created at June 18, 2011, 8:04 p.m.

16 +0

314 +0

63 +0

open-redirect-payload-list by payloadbox

🎯 Open Redirect Payload List

created at Aug. 15, 2019, 3:29 p.m.

19 +0

495 +0

173 -1

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

created at Nov. 11, 2018, 7:07 p.m.

19 +0

540 +0

120 +0

JoomlaScan by drego85

A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

created at Feb. 11, 2016, 9:28 p.m.

20 +0

198 +0

67 +0

BadLibrary by SecureSkyTechnology

vulnerable web application for training

created at Dec. 13, 2017, 6:43 a.m.

20 +0

57 +0

7 +0