KillchainA unified console to perform the "kill chain" stages of attacks.
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Attiny85RubberDucky like payloads for DigiSpark Attiny85
EnumdbRelational database brute force and post exploitation tool for MySQL and MSSQL
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
PspyMonitor linux processes without root permissions
ZerodoorA script written lazily for generating cross-platform backdoors on the go :)
PycatPython network tool, similar to Netcat with custom features.
Invoke ApexA PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Git ScannerA tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Firecrack🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Web2attackWeb hacking framework with tools, exploits by python
JalescJust Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box
AutosintTool to automate common OSINT tasks
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
WincmdfuWindows one line commands that make life easier, shortcuts and command line fu.
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
FuxploiderFile upload vulnerability scanner and exploitation tool.
Sqlite LabThis code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
NetwormPython network worm that spreads on the local network and gives the attacker control of these machines.
SilentbridgeSilentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
EvilosxAn evil RAT (Remote Administration Tool) for macOS / OS X.
XssmapXSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
XorpassEncoder to bypass WAF filters using XOR operations
Awesome CsirtAwesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Cr3dov3rKnow the dangers of credential reuse attacks.
TrigmapA wrapper for Nmap to quickly run network scans
ArcherysecCentralize Vulnerability Assessment and Management for DevSecOps Team
Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Evil WinrmThe ultimate WinRM shell for hacking/pentesting
Poc T渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
DnstrickerA simple dns resolver of dns-record and web-record log server for pentesting
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
SubrakeA Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
GtfoblookupOffline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
Spaces FinderA tool to hunt for publicly accessible DigitalOcean Spaces
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
RatelRAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse