The LAZY script will make your life easier, and of course faster.
Keyfinder🔑 is a tool that let you find keys while surfing the web!
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Extracting URLs of a specific target based on the results of "commoncrawl.org"
Mobileapp Pentest Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
an easy pentesting tool.
🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Juice Shop Ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Automated All-in-One OS Command Injection Exploitation Tool.
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具
Cameradar hacks its way into RTSP videosurveillance cameras
The Leading Security Assessment Framework for Android.
Penetration testing and auditing toolkit for Android apps.
An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
Linux and Windows shellcode enrichment utility
AWS Identity and Access Management Visualizer and Anomaly Finder
A Virtual environment for Pentesting IoT Devices
🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Oscp Cheat Sheet
This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Vagrant VirtualBox environment for conducting an internal network penetration test
Generates malicious LNK file payloads for data exfiltration
retrieve information via O365 with a valid cred
Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
web-based OSINT and reconaissance toolkit
Hawkeye filesystem analysis tool
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
An automated e-mail OSINT tool
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
DNS-Persist is a post-exploitation agent which uses DNS for command and control.
⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Awesome Shodan Queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Evaluate the security of S3 buckets
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
The all-in-one Red Team extension for Web Pentester 🛠
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Intelligence and Reconnaissance Package/Bundle installer.
fully automated pentesting tool
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.