SifterSifter aims to be a fully loaded Op Centre for Pentesters
ArchstrikeAn Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
StegcrackerSteganography brute-force utility to uncover hidden data inside files
NmapIdiomatic nmap library for go developers
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
SqlmapAutomatic SQL injection and database takeover tool
SecuritymanageframworkSecurity Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
RaasnetOpen-Source Ransomware As A Service for Linux, MacOS and Windows
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
RdpasssprayPython3 tool to perform password spraying using RDP
RidrelayEnumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
Impost3r👻Impost3r -- A linux password thief
Cobalt strike extension kitAttempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
Vaultswiss army knife for hackers
Docker Onion NmapScan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
Sqli HunterSQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Suid3numA standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
TtpsTactics, Techniques, and Procedures
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
CitadelCollection of pentesting scripts
DnsliveryEasy files and payloads delivery over DNS
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Langhost👻 A LAN dropbox chatbot controllable via Telegram
ReconnoteWeb Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
KaboomA tool to automate penetration tests
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
InjuredandroidA vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
AirgeddonThis is a multi-use bash script for Linux systems to audit wireless networks.
VajraVajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
WebanalyzePort of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
HettyHetty is an HTTP toolkit for security research.
BadintentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
CcatCloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
WirespyFramework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).
Cheatsheet GodPenetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
PentmenuA bash script for recon and DOS attacks
SusanooA REST API security testing framework.
Rshijacktcp connection hijacker, rust rewrite of shijack
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
PhishapiComprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
CripsIP Tools To quickly get information about IP Address's, Web Pages and DNS records.
UptuxLinux privilege escalation checks (systemd, dbus, socket fun, etc)
Dumpall一款信息泄漏利用工具,适用于.git/.svn源代码泄漏和.DS_Store泄漏