HashviewA web front-end for password cracking and analytics
Stars: ✭ 601 (-15.23%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-42.88%)
MxtractmXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (-29.62%)
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (-53.31%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (-9.03%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (-45.28%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (-30.61%)
NmapIdiomatic nmap library for go developers
Stars: ✭ 391 (-44.85%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (-20.17%)
Fwanalyzera tool to analyze filesystem images for security
Stars: ✭ 382 (-46.12%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+784.34%)
SqlmapAutomatic SQL injection and database takeover tool
Stars: ✭ 21,907 (+2989.84%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (-4.37%)
FireelffireELF - Fileless Linux Malware Framework
Stars: ✭ 435 (-38.65%)
DnsliveryEasy files and payloads delivery over DNS
Stars: ✭ 332 (-53.17%)
RaasnetOpen-Source Ransomware As A Service for Linux, MacOS and Windows
Stars: ✭ 371 (-47.67%)
Platypus🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (-21.16%)
Rustscan🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+635.97%)
Sn1perAttack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+590.69%)
RdpasssprayPython3 tool to perform password spraying using RDP
Stars: ✭ 368 (-48.1%)
Security whitepapersCollection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (-9.17%)
PentestkitUseful tools and scripts during Penetration Testing engagements
Stars: ✭ 463 (-34.7%)
RidrelayEnumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
Stars: ✭ 359 (-49.37%)
AwspxA graph-based tool for visualizing effective access and resource relationships in AWS environments.
Stars: ✭ 546 (-22.99%)
OctopusOpen source pre-operation C2 server based on python and powershell
Stars: ✭ 449 (-36.67%)
Badkarmanetwork reconnaissance toolkit
Stars: ✭ 353 (-50.21%)
AutordpwnThe Shadow Attack Framework
Stars: ✭ 688 (-2.96%)
Enum4linux NgA next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Stars: ✭ 349 (-50.78%)
JusttryharderJustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Stars: ✭ 450 (-36.53%)
Docker Onion NmapScan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
Stars: ✭ 345 (-51.34%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+691.96%)
Sqli HunterSQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Stars: ✭ 340 (-52.05%)
Ssh Mitmssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (-52.75%)
Powershell RatPython based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (-10.3%)
TtpsTactics, Techniques, and Procedures
Stars: ✭ 335 (-52.75%)
BruteCredential stuffing engine built for security professionals
Stars: ✭ 435 (-38.65%)
CitadelCollection of pentesting scripts
Stars: ✭ 333 (-53.03%)
Npq🎖safely* install packages with npm or yarn by auditing them as part of your install process
Stars: ✭ 513 (-27.64%)
GoohakAutomatically Launch Google Hacking Queries Against A Target Domain
Stars: ✭ 432 (-39.07%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (-53.74%)
Langhost👻 A LAN dropbox chatbot controllable via Telegram
Stars: ✭ 324 (-54.3%)
SqliscannerAutomatic SQL injection with Charles and sqlmap api
Stars: ✭ 674 (-4.94%)
ReconnoteWeb Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Stars: ✭ 322 (-54.58%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-27.08%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-39.77%)
KaboomA tool to automate penetration tests
Stars: ✭ 322 (-54.58%)
NfcgateAn NFC research toolkit application for Android
Stars: ✭ 425 (-40.06%)
Webapp ChecklistTechnical details that a programmer of a web application should consider before making the site public.
Stars: ✭ 320 (-54.87%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-54.87%)
Bugcrowd Levelup Subdomain EnumerationThis repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (-27.64%)
MetabigorIntelligence tool but without API key
Stars: ✭ 424 (-40.2%)
InjuredandroidA vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Stars: ✭ 317 (-55.29%)
AirgeddonThis is a multi-use bash script for Linux systems to audit wireless networks.
Stars: ✭ 3,830 (+440.2%)
CovertutilsA framework for Backdoor development!
Stars: ✭ 424 (-40.2%)
VajraVajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-62.06%)
RaptorWeb-based Source Code Vulnerability Scanner
Stars: ✭ 314 (-55.71%)