Diamorphine: LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Exploitpack: Exploit Pack - The next generation exploit framework
Linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Lockdoor Framework: 🔐 Lockdoor Framework: A Penetration Testing framework with Cyber Security Resources
Gorsair: Gorsair hacks its way into remote docker containers that expose their APIs
Security whitepapers: Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Powershell Rat: Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Subover: A Powerful Subdomain Takeover Tool
Xsser: Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Hashview: A web front-end for password cracking and analytics
Passphrase Wordlist: Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Platypus: 🔨 A modern multiple reverse shell sessions manager written in Go
Awspx: A graph-based tool for visualizing effective access and resource relationships in AWS environments.
Bigbountyrecon: BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Red Teaming Toolkit: This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Yasuo: A Ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Security Tools: Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stowaway: 👻 Stowaway -- Multi-hop Proxy Tool for pentesters
Mxtract: mXtract - Memory Extractor & Analyzer
Dictionary Of Pentesting: Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.
Juice Shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Thc Archive: All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Gobuster: Directory/File, DNS and VHost busting tool written in Go
Pentestkit: Useful tools and scripts during Penetration Testing engagements
Octopus: Open source pre-operation C2 server based on Python and PowerShell
Nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Justtryharder: JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Dradis Ce: Dradis Framework: Collaboration and reporting for IT Security teams
Ffuf: Fast web fuzzer written in Go
Brute: Credential stuffing engine built for security professionals
Fireelf: fireELF - Fileless Linux Malware Framework
Goohak: Automatically Launch Google Hacking Queries Against A Target Domain
Hosthunter: HostHunter, a recon tool for discovering hostnames using OSINT techniques.
Metabigor: Intelligence tool but without API key
Dref: DNS Rebinding Exploitation Framework
Ehtools: Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.
Reverseapk: Quickly analyze and reverse engineer Android packages
Otseca: Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Packetwhisper: PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.