RulerA tool to abuse Exchange services
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
SipptsSet of tools to audit SIP based VoIP Systems
KarkinosPenetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Scilla🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Mitmap📡 A python program to create a fake AP and sniff data.
ExploHuman and machine readable web vulnerability testing format
ShurikenCross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Burp Send ToAdds a customizable "Send to..."-context-menu to your BurpSuite.
ArissploitArissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
BellaBella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻
CtfrAbusing Certificate Transparency logs for getting HTTPS websites subdomains.
EmbedosEmbedOS - Embedded security testing virtual machine
Information Security TasksThis repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
AnsvifA Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
SubtakeAutomatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.
Ransom0Ransom0 is a open source ransomware made with Python, designed to find and encrypt user data.
Go Deliver Go-deliver is a payload delivery tool coded in Go.
Smtptestersmall python3 tool to check common vulnerabilities in SMTP servers
VailynA phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Burp ParamalyzerParamalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
Security ScriptsA collection of public offensive and defensive security related scripts for InfoSec students.
HackvaultA container repository for my public web hacks!
Put2winScript to automate PUT HTTP method exploitation to get shell
Resource filesmosquito - Automating reconnaissance and brute force attacks
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
KatzkatzPython3 script to parse txt files containing Mimikatz output
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
AcamarA Python3 based single-file subdomain enumerator
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Watf BankWaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS
BlackratBlackRAT - Java Based Remote Administrator Tool
ThoronThoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
Zynix Fusionzynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.
Gitjacker🔪 Leak git repositories from misconfigured websites
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
VenomVenom - A Multi-hop Proxy for Penetration Testers
DeathstarUses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Decoder Plus PlusAn extensible application for penetration testers and software developers to decode/encode data into various formats.
Ldap searchPython3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
GithacktoolsThe best Hacking and PenTesting tools installer on the world
RsfThe Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.
SubjackSubdomain Takeover tool written in Go