BifrostBifrost C2. Open-source post-exploitation using Discord API
Stars: ✭ 37 (-93.2%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+42.46%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+108.82%)
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (-39.15%)
LAZYPARIAHA tool for generating reverse shell payloads on the fly.
Stars: ✭ 121 (-77.76%)
Fudgec2FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Stars: ✭ 191 (-64.89%)
ligolo-ngAn advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Stars: ✭ 418 (-23.16%)
SipptsSet of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-78.68%)
HabuHacking Toolkit
Stars: ✭ 635 (+16.73%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-76.1%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-0.55%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-25.55%)
CatnipCat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Stars: ✭ 108 (-80.15%)
Punk.pyunix SSH post-exploitation 1337 tool
Stars: ✭ 107 (-80.33%)
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (-72.43%)
OblivionData leak checker & OSINT Tool
Stars: ✭ 237 (-56.43%)
Sn1perAttack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+800.18%)
PeekABooPeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.
Stars: ✭ 120 (-77.94%)
RPCScanTool to communicate with RPC services and check misconfigurations on NFS shares
Stars: ✭ 53 (-90.26%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+582.9%)
XENAXENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…
Stars: ✭ 127 (-76.65%)
volana🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-93.01%)
JusttryharderJustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Stars: ✭ 450 (-17.28%)
uberscanSecurity program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-94.3%)
LiteOTPMulti OTP Spam Amp/Paralell threads
Stars: ✭ 50 (-90.81%)
tomcter😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-96.69%)
AlanFrameworkA C2 post-exploitation framework
Stars: ✭ 405 (-25.55%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-93.57%)
OverlordOverlord - Red Teaming Infrastructure Automation
Stars: ✭ 258 (-52.57%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-4.96%)
AutoWinAutowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.
Stars: ✭ 18 (-96.69%)
PyParser-CVEMulti source CVE/exploit parser.
Stars: ✭ 25 (-95.4%)
haiti🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (-47.24%)
MacOS-WPA-PSKPoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.
Stars: ✭ 29 (-94.67%)
juumla🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.
Stars: ✭ 107 (-80.33%)
atermIt records your terminal, then lets you upload to ASHIRT
Stars: ✭ 17 (-96.87%)
awesome-pentest-toolsList of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Stars: ✭ 34 (-93.75%)
winallenumThis powershell script has got to run in remote hacked windows host, even for pivoting
Stars: ✭ 13 (-97.61%)
MailRipV3SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Stars: ✭ 28 (-94.85%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-87.87%)
crawleetWeb Recon & Exploitation Tool.
Stars: ✭ 48 (-91.18%)
RmiscoutRMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Stars: ✭ 296 (-45.59%)
SusanooA REST API security testing framework.
Stars: ✭ 287 (-47.24%)
DotdotslashSearch for Directory Traversal Vulnerabilities
Stars: ✭ 297 (-45.4%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-41.18%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+543.93%)
KaboomA tool to automate penetration tests
Stars: ✭ 322 (-40.81%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-36.58%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-12.87%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (-34.74%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+523.35%)
PivotsuiteNetwork Pivoting Toolkit
Stars: ✭ 329 (-39.52%)
Badkarmanetwork reconnaissance toolkit
Stars: ✭ 353 (-35.11%)
PowerhubA post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Stars: ✭ 431 (-20.77%)
Envizonnetwork visualization & vulnerability management/reporting
Stars: ✭ 382 (-29.78%)
DirbleFast directory scanning and scraping tool
Stars: ✭ 468 (-13.97%)