Lscript: The LAZY script will make your life easier, and of course faster.
Txtool: an easy pentesting tool.
Samuraiwtf: The main SamuraiWTF collaborative distro repo.
Kb: A minimalist command line knowledge base manager
Anevicon: 🔥 A high-performant UDP load generator, written in Rust
Crosslinked: LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Darkspiritz: 🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Tigershark: Bilingual PhishingKit. TigerShark integrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Hack Tools: The all-in-one Red Team extension for Web Pentester 🛠
Foolav: Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host
Killchain: A unified console to perform the "kill chain" stages of attacks.
Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning
Pymeta: Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Attiny85: RubberDucky like payloads for DigiSpark Attiny85
Finshir: 💫 An asynchronous Low & Slow traffic generator, written in Rust
Enumdb: Relational database brute force and post exploitation tool for MySQL and MSSQL
Xssor2: XSS'OR - Hack with JavaScript.
Darkside: Tool for information gathering & social engineering, written in [Python, JS, PHP]
Git Scanner: A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Airmaster: Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Dirmap: An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
Dnsmorph: Domain name permutation engine written in Go
Burpsuite Xkeys: A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Gitmails: An information gathering tool to collect git commit emails in version control host services
Trigmap: A wrapper for Nmap to quickly run network scans
Pakuri: Penetration test Achieve Knowledge Unite Rapid Interface
Msploitego: Pentesting suite for Maltego based on data in a Metasploit database
Ssrf Testing: SSRF (Server Side Request Forgery) testing resources
Ratel: RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Sippts: Set of tools to audit SIP based VoIP Systems
Espkey: Wiegand data logger, replay device and micro door-controller
Catnip: Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Punk.py: unix SSH post-exploitation 1337 tool
Vailyn: A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
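Arl: The ARL (Asset Reconnaissance Lighthouse) system aims to quickly reconnoiter Internet assets associated with a target and build a basic asset information database. It helps in-house security teams or penetration testers effectively reconnoiter and search assets and discover existing weak points and attack surfaces.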
Win Portfwd: Powershell script to setup windows port forwarding using native netsh client
Erodir: A fast web directory/file enumeration tool written in Rust
Foolavc: foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
Winpwn: Automation for internal Windows Penetration test / AD-Security
Eggshell: iOS/macOS/Linux Remote Administration Tool
Eyes.sh: Lets you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
In Spectre Meltdown: This tool allows checking for speculative execution side-channel attacks that affect many modern processor and operating system designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allow unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs, enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
One Lin3r: Gives you one-liners that aid in penetration testing operations, privilege escalation and more
Venom: Venom - A Multi-hop Proxy for Penetration Testers
Ldap search: Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Cloudflair: 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Xshock: XSHOCK Shellshock Exploit
Cloakify: CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection