Firefox trusts PDF.JS so much, it disables the CSP. So find an XSS in PDF.JS and you get a CSP bypass for free
tools angularjs-csti-scanner：Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
tools captive-browser：A dedicated Chrome instance to log into captive portals without messing with DNS settings.
tools Abrade is a coroutine-based web scraper suitable for querying the existence (a HEAD request) or the contents (a GET request) of a web resource with a sequential, numerical pattern.
tools Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE.
tools JAADAS is a tool written in Java and Scala with the power of Soot to provide both interprocedure and intraprocedure static analysis for android applications.