PasscatPasswords Recovery Tool
Stars: ✭ 164 (-33.6%)
SnoopSnoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (+258.7%)
Macro packmacro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Stars: ✭ 1,072 (+334.01%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+2306.07%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+1404.05%)
LeakscraperLeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Stars: ✭ 227 (-8.1%)
moonwalkCover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
Stars: ✭ 544 (+120.24%)
volana🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-84.62%)
HershellHershell is a simple TCP reverse shell written in Go.
Stars: ✭ 442 (+78.95%)
GorshA Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
Stars: ✭ 97 (-60.73%)
Slack WatchmanMonitoring your Slack workspaces for sensitive information
Stars: ✭ 159 (-35.63%)
Gitlab WatchmanMonitoring GitLab for sensitive data shared publicly
Stars: ✭ 127 (-48.58%)
github-watchmanMonitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (-75.71%)
Red Team Curation ListA list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-72.47%)
dummyDLLUtility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.
Stars: ✭ 35 (-85.83%)
NIST-to-TechAn open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-75.3%)
MxtractmXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (+102.02%)
MurMurHashThis little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (-68.02%)
JiraffeOne stop place for exploiting Jira instances in your proximity
Stars: ✭ 157 (-36.44%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (+8.5%)
linkedinscraperLinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.
Stars: ✭ 22 (-91.09%)
ChashellChashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Stars: ✭ 742 (+200.4%)
WsmanagerWebshell Manager
Stars: ✭ 99 (-59.92%)
NetpwnTool made to automate tasks of pentesting.
Stars: ✭ 152 (-38.46%)
PhoniaPhonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.
Stars: ✭ 221 (-10.53%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+1016.6%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-26.32%)
CypherothAutomated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
Stars: ✭ 179 (-27.53%)
PhishmailerGenerate Professional Phishing Emails Fast And Easy
Stars: ✭ 227 (-8.1%)
MalwlessTest Blue Team detections without running any attack.
Stars: ✭ 215 (-12.96%)
PoshkeepassPowerShell module for KeePass
Stars: ✭ 177 (-28.34%)
MiniprintA medium interaction printer honeypot 🍯
Stars: ✭ 177 (-28.34%)
SerpentineC++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Stars: ✭ 216 (-12.55%)
StegcloakHide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Stars: ✭ 2,379 (+863.16%)
YarYar is a tool for plunderin' organizations, users and/or repositories.
Stars: ✭ 174 (-29.55%)
KubestrikerA Blazing fast Security Auditing tool for Kubernetes
Stars: ✭ 213 (-13.77%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-12.55%)
Securityadvisories🔐 Security advisories as a simple composer exclusion list, updated daily
Stars: ✭ 2,279 (+822.67%)
DoxycannonA poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy
Stars: ✭ 216 (-12.55%)
Umbrella androidOpen source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.
Stars: ✭ 171 (-30.77%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-30.77%)
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1036.84%)
StracciatellaOpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Stars: ✭ 171 (-30.77%)
Community ThreatsThe GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
Stars: ✭ 169 (-31.58%)
Pwdb PublicA collection of all the data i could extract from 1 billion leaked credentials from internet.
Stars: ✭ 2,497 (+910.93%)
SmogcloudFind cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-31.98%)
I See YouISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Stars: ✭ 246 (-0.4%)
KeydecoderKeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.
Stars: ✭ 236 (-4.45%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+1023.48%)
IkyOSINT Project
Stars: ✭ 203 (-17.81%)
Dymerge🔓 A dynamic dictionary merger for successful dictionary based attacks.
Stars: ✭ 167 (-32.39%)
PwnshopExploit Development, Reverse Engineering & Cryptography
Stars: ✭ 167 (-32.39%)
Secure DesktopAnti-keylogger/anti-rat application for Windows
Stars: ✭ 201 (-18.62%)
AboutsecurityA list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-32.79%)