GithacktoolsThe best Hacking and PenTesting tools installer on the world
Stars: ✭ 78 (-48%)
CrackmapexecA swiss army knife for pentesting networks
Stars: ✭ 5,445 (+3530%)
MxtractmXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (+232.67%)
Jsdoc To MarkdownGenerate markdown documentation from jsdoc-annotated javascript
Stars: ✭ 1,199 (+699.33%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+228%)
Pretty SwagPretty UI for Swagger spec
Stars: ✭ 112 (-25.33%)
InstagramosintAn Instagram Open Source Intelligence Tool
Stars: ✭ 484 (+222.67%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+696%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+4080%)
OpensquatDetection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Stars: ✭ 149 (-0.67%)
WhatbreachOSINT tool to find breached emails, databases, pastes, and relevant information
Stars: ✭ 472 (+214.67%)
BucketlistAmazon S3 bucket spelunking!
Stars: ✭ 72 (-52%)
GobusterDirectory/File, DNS and VHost busting tool written in Go
Stars: ✭ 5,356 (+3470.67%)
NetcatNetCat for Windows
Stars: ✭ 463 (+208.67%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-13.33%)
NullinuxInternal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (+200.67%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+676%)
CtfrAbusing Certificate Transparency logs for getting HTTPS websites subdomains.
Stars: ✭ 1,535 (+923.33%)
FfufFast web fuzzer written in Go
Stars: ✭ 5,687 (+3691.33%)
PentestingazureappsScript samples from the book Pentesting Azure Applications (2018, No Starch Press)
Stars: ✭ 69 (-54%)
WitnessmeWeb Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Stars: ✭ 436 (+190.67%)
SilentbridgeSilentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (-9.33%)
GtfonowAutomatic privilege escalation for misconfigured capabilities, sudo and suid binaries
Stars: ✭ 68 (-54.67%)
Awesome OscpA curated list of awesome OSCP resources
Stars: ✭ 804 (+436%)
KatzkatzPython3 script to parse txt files containing Mimikatz output
Stars: ✭ 91 (-39.33%)
GoscanInteractive Network Scanner
Stars: ✭ 795 (+430%)
AlephSearch and browse documents and data; find the people and companies you look for.
Stars: ✭ 1,539 (+926%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+657.33%)
Dref DNS Rebinding Exploitation Framework
Stars: ✭ 423 (+182%)
Poc T渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Stars: ✭ 1,722 (+1048%)
ReverseapkQuickly analyze and reverse engineer Android packages
Stars: ✭ 419 (+179.33%)
Attack Surface Detector BurpThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 63 (-58%)
PhoneinfogaPhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
Stars: ✭ 5,927 (+3851.33%)
PrivescA collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+424%)
Drf SpectacularSane and flexible OpenAPI 3 schema generation for Django REST framework.
Stars: ✭ 414 (+176%)
Dfw1n OsintAustralian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
Stars: ✭ 63 (-58%)
ApkurlgrepExtract endpoints from APK files
Stars: ✭ 405 (+170%)
Breach.twA service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (-4%)
TrigmapA wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-12%)
SarenkaOSINT tool - gets data from services like shodan, censys etc. in one app
Stars: ✭ 120 (-20%)
Tidos FrameworkThe Offensive Manual Web Application Penetration Testing Framework.
Stars: ✭ 1,290 (+760%)
ApidocRESTful API 文档生成工具,支持 Go、Java、Swift、JavaScript、Rust、PHP、Python、Typescript、Kotlin 和 Ruby 等大部分语言。
Stars: ✭ 785 (+423.33%)
Censys Subdomain Finder⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
Stars: ✭ 402 (+168%)
SocialpwnedSocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB.
Stars: ✭ 104 (-30.67%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-58.67%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (+158.67%)
DnstrickerA simple dns resolver of dns-record and web-record log server for pentesting
Stars: ✭ 128 (-14.67%)
ParamspiderMining parameters from dark corners of Web Archives
Stars: ✭ 781 (+420.67%)
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-40.67%)
Awesome Osint😱 A curated list of amazingly awesome OSINT
Stars: ✭ 7,830 (+5120%)
TrapePeople tracker on the Internet: OSINT analysis and research tool by Jose Pino
Stars: ✭ 6,753 (+4402%)
RulerA tool to abuse Exchange services
Stars: ✭ 1,684 (+1022.67%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-40.67%)