LscriptThe LAZY script will make your life easier, and of course faster.
KeyfinderKeyfinderπ is a tool that let you find keys while surfing the web!
RspetRSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Cc.pyExtracting URLs of a specific target based on the results of "commoncrawl.org"
Mobileapp Pentest CheatsheetThe Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Physmem2profitPhysmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Txtoolan easy pentesting tool.
Scoutπ Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
CommixAutomated All-in-One OS Command Injection Exploitation Tool.
LeakscraperLeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
FilesensorDynamic file detection tool based on crawler εΊδΊη¬θ«ηε¨ζζζζδ»Άζ’ζ΅ε·₯ε
·
CameradarCameradar hacks its way into RTSP videosurveillance cameras
DrozerThe Leading Security Assessment Framework for Android.
AndroticklerPenetration testing and auditing toolkit for Android apps.
RogueAn extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
ShellabLinux and Windows shellcode enrichment utility
AaiaAWS Identity and Access Management Visualizer and Anomaly Finder
Iot PtA Virtual environment for Pentesting IoT Devices
Darkspiritzπ Official Repository for DarkSpiritz Penetration Framework | Written in Python π
Oscp Cheat SheetThis is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Capsulecorp PentestVagrant VirtualBox environment for conducting an internal network penetration test
LnkupGenerates malicious LNK file payloads for data exfiltration
O365reconretrieve information via O365 with a valid cred
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Doxboxweb-based OSINT and reconaissance toolkit
HawkeyeHawkeye filesystem analysis tool
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
MosintAn automated e-mail OSINT tool
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
CintruderCaptcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
Dns PersistDNS-Persist is a post-exploitation agent which uses DNS for command and control.
Stegseekβ‘οΈ Worlds fastest steghide cracker, chewing through millions of passwords per second β‘οΈ
GetjsA tool to fastly get all javascript sources/files
WebmapA Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Awesome Shodan Queriesπ A collection of interesting, funny, and depressing search queries to plug into shodan.io π©βπ»
SlurpEvaluate the security of S3 buckets
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Hack ToolsThe all-in-one Red Team extension for Web Pentester π
JwtcatA CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Xerrorfully automated pentesting tool
HacktricksWelcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.