PentestkitUseful tools and scripts during Penetration Testing engagements
Stars: ✭ 463 (+157.22%)
DevBrute-A Password Brute ForcerDevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.
Stars: ✭ 91 (-49.44%)
Red Team Curation ListA list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-62.22%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-21.11%)
JusttryharderJustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Stars: ✭ 450 (+150%)
brutekragPenetration tests on SSH servers using brute force or dictionary attacks. Written in Python.
Stars: ✭ 30 (-83.33%)
Black WidowGUI based offensive penetration testing tool (Open Source)
Stars: ✭ 124 (-31.11%)
GhostNETGhostNET script that will help you be safer on the cyber
Stars: ✭ 45 (-75%)
Dradis CeDradis Framework: Colllaboration and reporting for IT Security teams
Stars: ✭ 443 (+146.11%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (-22.22%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+63.33%)
Packet SnifferA pure-Python Network Packet Sniffing tool
Stars: ✭ 428 (+137.78%)
WPA2-FritzBox-Pswd-Wordlist-GeneratorThis Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.
Stars: ✭ 22 (-87.78%)
TcpproxyIntercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic
Stars: ✭ 176 (-2.22%)
PwndocPentest Report Generator
Stars: ✭ 417 (+131.67%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-46.67%)
Fwdsh3llForward shell generation framework
Stars: ✭ 62 (-65.56%)
SifterSifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (+123.89%)
CorebgpCoreBGP is a BGP library written in Go that implements the BGP FSM with an event-driven, pluggable model.
Stars: ✭ 124 (-31.11%)
SSI Extra MaterialsIn my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (-76.67%)
StegcrackerSteganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (+120%)
Intel-OneCommand line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…
Stars: ✭ 23 (-87.22%)
Anevicon🔥 A high-performant UDP load generator, written in Rust
Stars: ✭ 243 (+35%)
Slackor A Golang implant that uses Slack as a command and control server
Stars: ✭ 392 (+117.78%)
CapsuleA framework for network function development. Written in Rust, inspired by NetBricks and built on DPDK.
Stars: ✭ 217 (+20.56%)
AstraAutomated Security Testing For REST API's
Stars: ✭ 1,898 (+954.44%)
LscriptThe LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+1597.78%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+116.11%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+33.89%)
Icg AutoexploiterbotWordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥
Stars: ✭ 242 (+34.44%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+112.22%)
ArmorArmor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.
Stars: ✭ 228 (+26.67%)
TelekillerA Tools Session Hijacking And Stealer Local Passcode Telegram Windows
Stars: ✭ 122 (-32.22%)
Vulnhub Ctf WriteupsThis cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.
Stars: ✭ 368 (+104.44%)
SerpentineC++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Stars: ✭ 216 (+20%)
TigersharkBilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Stars: ✭ 212 (+17.78%)
SitadelWeb Application Security Scanner
Stars: ✭ 360 (+100%)
DartDART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Stars: ✭ 207 (+15%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-7.78%)
LnkupGenerates malicious LNK file payloads for data exfiltration
Stars: ✭ 205 (+13.89%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+2051.67%)
SkaSimple Karma Attack
Stars: ✭ 55 (-69.44%)
InteractivecanvasLibrary for distribution canvas animation over set of devices
Stars: ✭ 351 (+95%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-5%)
PacuThe AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Stars: ✭ 2,451 (+1261.67%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+913.33%)
VailynA phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-42.78%)
linkA clojure framework for nonblocking network programming
Stars: ✭ 63 (-65%)