Privilege EscalationThis cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
AdbsploitA python based tool for exploiting and managing Android devices via ADB
PhpvulnAudit tool to find common vulnerabilities in PHP source code
N00bratRemote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service
DustcloudXiaomi Smart Home Device Reverse Engineering and Hacking
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Posta🐙 Cross-document messaging security research tool powered by https://enso.security
Dailyhack🐱💻 Tiny Tiny Hacks we use in our daily life.
ProtonProton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
WpreconWPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
NetwormPython network worm that spreads on the local network and gives the attacker control of these machines.
OpenvehiclediagA rust based cross-platform ECU diagnostics and car hacking application, utilizing the passthru protocol
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
IntelspyPerform automated network reconnaissance scans
Cr3dov3rKnow the dangers of credential reuse attacks.
Dark Fantasy Hack ToolDDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.
ThreadboatProgram Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application
H8mailEmail OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Evil WinrmThe ultimate WinRM shell for hacking/pentesting
DnstrickerA simple dns resolver of dns-record and web-record log server for pentesting
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
EntropyEntropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
M3m0M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter
EviltwinframeworkA framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities
TelekillerA Tools Session Hijacking And Stealer Local Passcode Telegram Windows
RatelRAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
GofingerprintGoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
GoaltdnsA permutation generation tool written in golang
Shodan DorksDorks for shodan.io. Some basic shodan dorks collected from publicly available data.
GreconYour Google Recon is Now Automated
SipptsSet of tools to audit SIP based VoIP Systems
Oscp AutomationA collection of personal scripts used in hacking excercises.
Scilla🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Mitmap📡 A python program to create a fake AP and sniff data.
Burp Send ToAdds a customizable "Send to..."-context-menu to your BurpSuite.
TweetshellMulti-thread Twitter BruteForcer in Shell Script
CtfrAbusing Certificate Transparency logs for getting HTTPS websites subdomains.