The LAZY script will make your life easier, and of course faster.
An easy pentesting tool.
The main SamuraiWTF collaborative distro repo.
A minimalist command line knowledge base manager
🔥 A high-performance UDP load generator, written in Rust
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Bilingual PhishingKit. TigerShark integrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
The all-in-one Red Team extension for Web Pentester 🛠
Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host
A unified console to perform the "kill chain" stages of attacks.
A high performance offensive security tool for reconnaissance and vulnerability scanning
Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
RubberDucky like payloads for DigiSpark Attiny85
💫 An asynchronous Low & Slow traffic generator, written in Rust
Relational database brute force and post exploitation tool for MySQL and MSSQL
Information gathering & social engineering tool written in Python, JS and PHP
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
Domain name permutation engine written in Go
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
An information gathering tool to collect git commit emails in version control host services
A wrapper for Nmap to quickly run network scans
Penetration test Achieve Knowledge Unite Rapid Interface
Pentesting suite for Maltego based on data in a Metasploit database
SSRF (Server Side Request Forgery) testing resources
RAT-el is an open source penetration test tool that allows you to take control of a Windows machine. It works on the client-server model: the server sends commands, and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Set of tools to audit SIP based VoIP Systems
Wiegand data logger, replay device and micro door-controller
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
unix SSH post-exploitation 1337 tool
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
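ARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter the internet assets associated with a target and build a baseline asset information database. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and discover existing weak points and attack surfaces.
PowerShell script to set up Windows port forwarding using native netsh client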
A fast web directory/file enumeration tool written in Rust
foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
Automation for internal Windows Penetration test / AD-Security
iOS/macOS/Linux Remote Administration Tool
Lets you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
In Spectre Meltdown
This tool allows checking for speculative execution side-channel attacks that affect many modern processors and operating system designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allow unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs, enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Gives you one-liners that aid in penetration testing operations, privilege escalation and more
Venom - A Multi-hop Proxy for Penetration Testers
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
XSHOCK Shellshock Exploit
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection