A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
Updated
Jun 19, 2026 - Python
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
一个攻防知识库。A knowledge base for red teaming and offensive security.
Copy Fail (CVE-2026-31431): 9-year-old Linux kernel LPE found by Theori's Xint Code
Fancy reverse and bind shell handler
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
ODAT: Oracle Database Attacking Tool
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
MSDAT: Microsoft SQL Database Attacking Tool
Collection of things made during my OSCP journey
Linux privilege escalation exploit via snapd (CVE-2019-7304)
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
Active Directory pentesting tool for Linux. Automated Kerberoasting, AS-REP Roasting, ADCS/ESC exploitation, DCSync, BloodHound integration, and 100+ AD attack paths. ENS Alto / NIS2 / ISO 27001 compliance reports. No Windows required.
EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration.
A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life
Modular penetration testing platform that enables you to write, test, and execute exploit code.
Add a description, image, and links to the privilege-escalation topic page so that developers can more easily learn about it.
To associate your repository with the privilege-escalation topic, visit your repo's landing page and select "manage topics."