An opinionated list of Python frameworks, libraries, tools, and resources.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

E-mails, subdomains and names Harvester - OSINT

Credentials recovery project

Common User Passwords Profiler (CUPP)

A DNS meta-query spider that enumerates DNS records, and subdomains.

An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.

Platform Security Assessment Framework

Create randomly insecure VMs

Generates permutations, alterations and mutations of subdomains and then resolves them

Striker is an offensive information and vulnerability scanner.

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…

Sniffs sensitive data from interface or pcap

A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

Paper Icon Theme

Pyminifier is a Python code minifier, obfuscator, and compressor.

Pop shells like a master.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

🤖💬 An easy-to-use and highly extensible IRC Bot framework. Formerly Willie.

Python and Powershell internal penetration testing framework

YouTube Downloader using yt-dlp

a package of Pentest scripts I have made or commonly use

The Traditional Swiss Army Knife for OSINT

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Python Scripts for Hacking .