FuxiPenetration Testing Platform
LyricpassPassword wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.
Owasp MasvsThe Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
AwsbucketdumpSecurity Tool to Look For Interesting Files in S3 Buckets
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
PsattackA portable console aimed at making pentesting with PowerShell a little easier.
Eyes👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
NettackerAutomated Penetration Testing Framework
PasshuntPasshunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
BroxyAn HTTP/HTTPS intercept proxy written in Go.
Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Babysploit👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Ripv6Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
Pwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
BrutusA Python-powered exploitation framework and botnet.
ScriptsScripts I use during pentest engagements.
Hacker Roadmap📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Dsinternals Directory Services Internals (DSInternals) PowerShell Module and Framework
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
EvillimiterTool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
HtshellsSelf contained htaccess shells and attacks
SublertSublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Lockdoor Framework🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
BrutalPayload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
GorsairGorsair hacks its way into remote docker containers that expose their APIs
SwiftnessxA cross-platform note-taking & target-tracking app for penetration testers.
Powershell RatPython based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Penetration Testing ToolsA collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
DotdotpwnDotDotPwn - The Directory Traversal Fuzzer
HashviewA web front-end for password cracking and analytics
MonkeyInfection Monkey - An automated pentest tool
Damn Vulnerable Graphql ApplicationDamn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Passphrase WordlistPassphrase wordlist and hashcat rules for offline cracking of long, complex passwords
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF