PrivescA collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+3044%)
HarpoonCLI tool for open source and threat intelligence
Stars: ✭ 679 (+2616%)
PwnedornotOSINT Tool for Finding Passwords of Compromised Email Addresses
Stars: ✭ 888 (+3452%)
EvillimiterTool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+2956%)
XsserCross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Stars: ✭ 606 (+2324%)
Dradis CeDradis Framework: Colllaboration and reporting for IT Security teams
Stars: ✭ 443 (+1672%)
Operative Frameworkoperative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.
Stars: ✭ 511 (+1944%)
SessiongopherSessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (+3232%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+2612%)
CrackmapexecA swiss army knife for pentesting networks
Stars: ✭ 5,445 (+21680%)
Awesome Osint😱 A curated list of amazingly awesome OSINT
Stars: ✭ 7,830 (+31220%)
MxtractmXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (+1896%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+1868%)
FinalreconThe Last Web Recon Tool You'll Need
Stars: ✭ 888 (+3452%)
InstagramosintAn Instagram Open Source Intelligence Tool
Stars: ✭ 484 (+1836%)
Security whitepapersCollection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (+2476%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+24980%)
PupyPupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Stars: ✭ 6,737 (+26848%)
WhatbreachOSINT tool to find breached emails, databases, pastes, and relevant information
Stars: ✭ 472 (+1788%)
HabuHacking Toolkit
Stars: ✭ 635 (+2440%)
GobusterDirectory/File, DNS and VHost busting tool written in Go
Stars: ✭ 5,356 (+21324%)
TorbotDark Web OSINT Tool
Stars: ✭ 821 (+3184%)
NetcatNetCat for Windows
Stars: ✭ 463 (+1752%)
PerunPerun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
Stars: ✭ 773 (+2992%)
NullinuxInternal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (+1704%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+2328%)
Pwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (+3516%)
FfufFast web fuzzer written in Go
Stars: ✭ 5,687 (+22648%)
Git HoundReconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (+2308%)
ThreatingestorExtract and aggregate threat intelligence.
Stars: ✭ 439 (+1656%)
WitnessmeWeb Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Stars: ✭ 436 (+1644%)
HashviewA web front-end for password cracking and analytics
Stars: ✭ 601 (+2304%)
BruteCredential stuffing engine built for security professionals
Stars: ✭ 435 (+1640%)
Holeheholehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
Stars: ✭ 568 (+2172%)
FireelffireELF - Fileless Linux Malware Framework
Stars: ✭ 435 (+1640%)
Osint collectionMaintained collection of OSINT related resources. (All Free & Actionable)
Stars: ✭ 809 (+3136%)
SpoilerwallSpoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Stars: ✭ 754 (+2916%)
GitrobReconnaissance tool for GitHub organizations
Stars: ✭ 5,256 (+20924%)
AquatoneA Tool for Domain Flyovers
Stars: ✭ 4,405 (+17520%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (+2156%)
CovertutilsA framework for Backdoor development!
Stars: ✭ 424 (+1596%)
Dref DNS Rebinding Exploitation Framework
Stars: ✭ 423 (+1592%)
Passphrase WordlistPassphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (+2124%)
EhtoolsWi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.
Stars: ✭ 422 (+1588%)
ReverseapkQuickly analyze and reverse engineer Android packages
Stars: ✭ 419 (+1576%)
Platypus🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+2136%)
Cloud enumMulti-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Stars: ✭ 420 (+1580%)
PhoneinfogaPhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
Stars: ✭ 5,927 (+23608%)
SecuritySome of my security stuff and vulnerabilities. Nothing advanced. More to come.
Stars: ✭ 835 (+3240%)
SprayingtoolkitScripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Stars: ✭ 802 (+3108%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+2800%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+24600%)
OtsecaOpen source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (+1564%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 6,284 (+25036%)