BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+63.44%)
BifrostBifrost C2. Open-source post-exploitation using Discord API
Stars: ✭ 37 (-88.82%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+488.82%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+243.2%)
BlackmambaC2/post-exploitation framework
Stars: ✭ 544 (+64.35%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (-0.91%)
Awesome OscpA curated list of awesome OSCP resources
Stars: ✭ 804 (+142.9%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+134.14%)
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (-74.32%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-62.24%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-6.34%)
TrigmapA wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-60.12%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-56.5%)
Invoke ApexA PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Stars: ✭ 162 (-51.06%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-3.32%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+958.31%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+730.82%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-45.02%)
InjuredandroidA vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Stars: ✭ 317 (-4.23%)
Capsulecorp PentestVagrant VirtualBox environment for conducting an internal network penetration test
Stars: ✭ 214 (-35.35%)
PasscatPasswords Recovery Tool
Stars: ✭ 164 (-50.45%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-43.5%)
Oscp Cheat SheetThis is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Stars: ✭ 216 (-34.74%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-91.24%)
Evil WinrmThe ultimate WinRM shell for hacking/pentesting
Stars: ✭ 2,251 (+580.06%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-60.73%)
KaboomA tool to automate penetration tests
Stars: ✭ 322 (-2.72%)
Cloud BusterA Cloudflare resolver that works
Stars: ✭ 128 (-61.33%)
PentmenuA bash script for recon and DOS attacks
Stars: ✭ 288 (-12.99%)
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (-54.68%)
LAZYPARIAHA tool for generating reverse shell payloads on the fly.
Stars: ✭ 121 (-63.44%)
VajraVajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-18.73%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-46.53%)
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+598.49%)
SocialfishPhishing Tool & Information Collector
Stars: ✭ 2,522 (+661.93%)
HawkeyeHawkeye filesystem analysis tool
Stars: ✭ 202 (-38.97%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-41.69%)
Physmem2profitPhysmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Stars: ✭ 244 (-26.28%)
Aggressor scriptsA collection of useful scripts for Cobalt Strike
Stars: ✭ 126 (-61.93%)
atermIt records your terminal, then lets you upload to ASHIRT
Stars: ✭ 17 (-94.86%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-57.1%)
AutoWinAutowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.
Stars: ✭ 18 (-94.56%)
juumla🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.
Stars: ✭ 107 (-67.67%)
CcatCloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Stars: ✭ 300 (-9.37%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-87.01%)
Poet[unmaintained] Post-exploitation tool
Stars: ✭ 184 (-44.41%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-78.85%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-89.43%)
Mr.sipSIP-Based Audit and Attack Tool
Stars: ✭ 266 (-19.64%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-80.06%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-38.07%)