Awesome OscpA curated list of awesome OSCP resources
Stars: ✭ 804 (+47.79%)
Pathwar☠️ The Pathwar Project ☠️
Stars: ✭ 58 (-89.34%)
Sudo killerA tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+97.24%)
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+215.81%)
Hacker Roadmap📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+1325%)
PymetaPymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Stars: ✭ 170 (-68.75%)
Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+261.95%)
LiteOTPMulti OTP Spam Amp/Paralell threads
Stars: ✭ 50 (-90.81%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+33.27%)
ExploitpackExploit Pack -The next generation exploit framework
Stars: ✭ 728 (+33.82%)
haiti🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (-47.24%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-93.57%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-87.87%)
1earn个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 776 (+42.65%)
Vulnxvulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+85.48%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+64.89%)
SliverAdversary Simulation Framework
Stars: ✭ 1,348 (+147.79%)
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-83.64%)
PompemFind exploit tool
Stars: ✭ 786 (+44.49%)
PowerhubA post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Stars: ✭ 431 (-20.77%)
SilenttrinityAn asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
Stars: ✭ 1,767 (+224.82%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+235.29%)
SusanooA REST API security testing framework.
Stars: ✭ 287 (-47.24%)
DirbleFast directory scanning and scraping tool
Stars: ✭ 468 (-13.97%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-67.46%)
ZigdiggityA ZigBee hacking toolkit by Bishop Fox
Stars: ✭ 169 (-68.93%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-41.18%)
AlanFrameworkA C2 post-exploitation framework
Stars: ✭ 405 (-25.55%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (-74.26%)
RmiscoutRMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Stars: ✭ 296 (-45.59%)
KaboomA tool to automate penetration tests
Stars: ✭ 322 (-40.81%)
PivotsuiteNetwork Pivoting Toolkit
Stars: ✭ 329 (-39.52%)
AutoWinAutowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.
Stars: ✭ 18 (-96.69%)
PeekABooPeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.
Stars: ✭ 120 (-77.94%)
volana🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-93.01%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (-34.74%)
awesome-pentest-toolsList of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Stars: ✭ 34 (-93.75%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+582.9%)
winallenumThis powershell script has got to run in remote hacked windows host, even for pivoting
Stars: ✭ 13 (-97.61%)
uberscanSecurity program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-94.3%)
crawleetWeb Recon & Exploitation Tool.
Stars: ✭ 48 (-91.18%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+435.11%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+543.93%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+523.35%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-31.99%)
SubscraperSubdomain enumeration through various techniques
Stars: ✭ 265 (-51.29%)
DotdotslashSearch for Directory Traversal Vulnerabilities
Stars: ✭ 297 (-45.4%)
OverlordOverlord - Red Teaming Infrastructure Automation
Stars: ✭ 258 (-52.57%)
Badkarmanetwork reconnaissance toolkit
Stars: ✭ 353 (-35.11%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+405.51%)
tomcter😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-96.69%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-36.58%)