ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Information SecurityA place where I can create, collect and share tooling, resources and knowledge about information security.
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
XssmapXSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
Awesome VulnerableA curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
TrigmapA wrapper for Nmap to quickly run network scans
OscprepoA list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PakuriPenetration test Achieve Knowledge Unite Rapid Interface
Msploitego Pentesting suite for Maltego based on data in a Metasploit database
Black WidowGUI based offensive penetration testing tool (Open Source)
M3m0M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter
TelekillerA Tools Session Hijacking And Stealer Local Passcode Telegram Windows
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse
Oscp AutomationA collection of personal scripts used in hacking excercises.
Scilla🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Wooyunwooyun public information backup
Awesome HackingA collection of various awesome lists for hackers, pentesters and security researchers
Punk.pyunix SSH post-exploitation 1337 tool
M4ngl3m3Common password pattern generator using strings list
VailynA phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Security ScriptsA collection of public offensive and defensive security related scripts for InfoSec students.
KeyeKeye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
YamsA collection of Ansible roles for automating infosec builds.
VsauditVOIP Security Audit Framework
ErodirA fast web directory/file enumeration tool written in Rust
BadpodsA collection of manifests that will create pods with elevated privileges.
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
H4ckerThis repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
In Spectre MeltdownThis tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
One Lin3rGives you one-liners that aids in penetration testing operations, privilege escalation and more
Gitjacker🔪 Leak git repositories from misconfigured websites
Beef Over WanBrowser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
Mssqli DuetSQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
HoundsploitAn advanced graphical search engine for Exploit-DB
RsfThe Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.
GivingstormInfection vector that bypasses AV, IDS, and IPS. (For now...)
Red Team Curation ListA list to discover work of red team tooling and methodology for penetration testing and security assessment
ReconcatA small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Fwdsh3llForward shell generation framework
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.