1963 Open source projects that are alternatives of or similar to Active Directory Exploitation Cheat Sheet

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Hacker101 CTF Writeup

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

ANDRAX The first and unique Penetration Testing platform for Android smartphones

CMS auto detect and exploit.

All MITM attacks in one place.

Tool Information Gathering Write By Python.

Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!

A MongoDB importer and API for Project Sonars DNS datasets

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A collected list of awesome security talks

Hetty is an HTTP toolkit for security research.

retrieve information via O365 with a valid cred

Exploit Pack -The next generation exploit framework

Project transferred to: https://github.com/taielab/awesome-hacking-lists

Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other Linux based systems. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based distributions.

Official Black Hat Arsenal Security Tools Repository

Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.

Personal CTF Toolkit

Complete Listing and Usage of Tools used for Ethical Hacking

🎯 XML External Entity (XXE) Injection Payload List

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

NetCat for Windows

Directory Services Internals (DSInternals) PowerShell Module and Framework

Patch iOS Apps, The Easy Way, Without Jailbreak.

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Bloodhound for Blue and Purple Teams

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

📕 Both personal and public notes for EC-Council's CEHv10 312-50, because its thousands of pages/slides of boredom, and a braindump to many

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

Single Page Cheatsheet for common MSF Venom One Liners

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Mobile penetration testing android & iOS command cheatsheet

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

This is a multi-use bash script for Linux systems to audit wireless networks.

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Notes Taken for HTB Machines & InfoSec Community.

Pentest: Subdomains enumeration tool for penetration testers.

List of Awesome Windows Security Resources

My own OSCP guide

A Handy-Dandy Personal Toolkit for Enumeration and a headstart on attacking a machine!

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

network reconnaissance toolkit

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

A tool to automate penetration tests

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

👻 A LAN dropbox chatbot controllable via Telegram

平常看到好的渗透hacking工具和多领域效率工具的集合

Extract subdomains from SSL certificates in HTTPS sites.

OSINT

A list of web application security

Writeups for infosec Capture the Flag events by team Galaxians