SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
XENAXENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…
bWAPPbWAPP latest modified for PHP7
psakThe Pentester's Swiss Army Knife
RPCScanTool to communicate with RPC services and check misconfigurations on NFS shares
TIWAPTotally Insecure Web Application Project (TIWAP)
xmlrpc-bruteforcerMulti-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.
bstBinary String Toolkit (BST). Quickly and easily convert binary strings for all your exploit development needs. 😎
pentest-toolsGeneral stuff for pentesting - password cracking, phishing, automation, Kali, etc.
needle-agentThe iOS Agent for the Needle Security Assessment Framework
TripleSExtracting Syscall Stub, Modernized
BabyMuxpentesting tool for noob hackers.Runs on linux and termux
tor-rootkitA Python 3 standalone Windows 10 / Linux Rootkit using Tor.
packer-kali linuxThis is a repository that will be used to help create a process of a new kali vagrant box for hashicorp each week.
LuciferA Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life
ptpPentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.
AthenaTest your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻
c2A simple, extensible C&C beaconing system.
PXXTFFramework For Exploring kernel vulnerabilities, network vulnerabilities ✨
pwn-pulseExploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
pitchThe initial conversation slides and menu of scenarios
JiraffeOne stop place for exploiting Jira instances in your proximity
huntkitDocker - Ubuntu with a bunch of PenTesting tools and wordlists
Quebec WordlistA useful wordlist made from French Canadian leaked passwords!
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
pentest-reportsCollection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
webreconAutomated Web Recon Shell Scripts
ftpknocker🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers
Kali-TXCustomized Kali Linux - Ansible playbook
DNSExplorerBash script that automates the enumeration of domains and DNS servers in the active information gathering.
py3webfuzzA Python3 module to assist in fuzzing web applications
rustpadMulti-threaded Padding Oracle attacks against any service. Written in Rust.
wingkalabsWingkalabs (Linux) Wingkalabs es una máquina Virtual Linux intencionalmente vulnerable. Esta máquina virtual se puede utilizar para realizar entrenamientos de seguridad, probar herramientas de seguridad y practicar técnicas comunes de pruebas de penetración.
evilredisScript for doing evil stuff to Redis servers (for educational purposes only).
longtongueCustomized Password/Passphrase List inputting Target Info
PeekABooPeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.
nightcallAutomated Enumeration Script for Pentesting
WiCrackFiPython Script to help/automate the WiFi hacking exercises.
DoxingEspionaje y recopilación de Información
BoomERFramework for exploiting local vulnerabilities
nmap-formatterA tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
orbitaldumpA simple multi-threaded distributed SSH brute-forcing tool written in Python
webnukeA weird and wonderful console based tool for pentesting web applications
ligolo-ngAn advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
BadIntentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite