A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Impacket is a collection of Python classes for working with network protocols.

Install and Run Python Applications in Isolated Environments

Scapy: the Python-based interactive packet manipulation program & library.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

The Network Execution Tool

Tool for Active Directory Certificate Services enumeration and abuse

Mimikatz implementation in pure Python

Fully featured and community-driven hacking environment

A collection of Azure AD/Entra tools for offensive and defensive security purposes

A Python based ingestor for BloodHound

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

BloodyAD is an Active Directory Privilege Escalation Framework

Python and tab completion, better together.

Python version of the C# tool for "Shadow Credentials" attacks

DPAPI looting remotely and locally in Python

LDAP library for auditing MS AD

Timeroasting scripts by Tom Tervoort

PowerShell Remoting Protocol for Python

Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.

Automating the MITM attack on WSUS

Enumerate Domain Users Without Authentication

Asynchronous RDP client for Python (headless)

Fully asynchronous SMB library written in pure python

A tool for coercing and relaying Kerberos authentication over DCOM and RPC.

tool for requesting Entra ID's P2P certificate and authenticating to a remote Entra joinned devices with it

Python tool to automatically perform SPN-less RBCD attacks.