ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (+519.63%)
BlackmambaC2/post-exploitation framework
Stars: ✭ 544 (+148.4%)
Thc Ipv6IPv6 attack toolkit
Stars: ✭ 673 (+207.31%)
Dnsubdnsub一款好用的子域名扫描工具
Stars: ✭ 106 (-51.6%)
Security whitepapersCollection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (+194.06%)
WhonowA "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Stars: ✭ 533 (+143.38%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-34.25%)
VsauditVOIP Security Audit Framework
Stars: ✭ 97 (-55.71%)
SubtakeAutomatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.
Stars: ✭ 104 (-52.51%)
MsdatMSDAT: Microsoft SQL Database Attacking Tool
Stars: ✭ 621 (+183.56%)
PrintspooferAbusing Impersonation Privileges on Windows 10 and Server 2019
Stars: ✭ 613 (+179.91%)
Bugcrowd Levelup Subdomain EnumerationThis repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (+134.25%)
Werdlists⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (-1.37%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+132.42%)
M4ngl3m3Common password pattern generator using strings list
Stars: ✭ 103 (-52.97%)
MonkeyInfection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+2444.29%)
DeepseaDeepSea Phishing Gear
Stars: ✭ 96 (-56.16%)
CrackmapexecA swiss army knife for pentesting networks
Stars: ✭ 5,445 (+2386.3%)
Platypus🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+155.25%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-19.18%)
MxtractmXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (+127.85%)
DawsAdvanced Web Shell
Stars: ✭ 551 (+151.6%)
FuseA penetration testing tool for finding file upload bugs (NDSS 2020)
Stars: ✭ 147 (-32.88%)
ScantronA distributed nmap / masscan scanning framework complete with an API client for automation workflows
Stars: ✭ 542 (+147.49%)
HackvaultA container repository for my public web hacks!
Stars: ✭ 1,364 (+522.83%)
MosintAn automated e-mail OSINT tool
Stars: ✭ 184 (-15.98%)
O365reconretrieve information via O365 with a valid cred
Stars: ✭ 204 (-6.85%)
Resource filesmosquito - Automating reconnaissance and brute force attacks
Stars: ✭ 95 (-56.62%)
Commando VmComplete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
[email protected] Stars: ✭ 5,030 (+2196.8%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+2463.93%)
YamsA collection of Ansible roles for automating infosec builds.
Stars: ✭ 98 (-55.25%)
Web BrutatorFast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-55.71%)
Put2winScript to automate PUT HTTP method exploitation to get shell
Stars: ✭ 96 (-56.16%)
FuxploiderFile upload vulnerability scanner and exploitation tool.
Stars: ✭ 1,997 (+811.87%)
WeirdaalWeirdAAL (AWS Attack Library)
Stars: ✭ 503 (+129.68%)
Win PortfwdPowershell script to setup windows port forwarding using native netsh client
Stars: ✭ 95 (-56.62%)
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-57.08%)
Iprotate burp extensionExtension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Stars: ✭ 484 (+121%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+124.66%)
Ssh MitmSSH man-in-the-middle tool
Stars: ✭ 1,328 (+506.39%)
GitmailsAn information gathering tool to collect git commit emails in version control host services
Stars: ✭ 142 (-35.16%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+2763.01%)
Xerrorfully automated pentesting tool
Stars: ✭ 173 (-21%)
Print My ShellPython script wrote to automate the process of generating various reverse shells.
Stars: ✭ 140 (-36.07%)
BadpodsA collection of manifests that will create pods with elevated privileges.
Stars: ✭ 93 (-57.53%)
Foolavcfoolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
Stars: ✭ 93 (-57.53%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-13.24%)
HacktricksWelcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Stars: ✭ 3,741 (+1608.22%)
Sqlite LabThis code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Stars: ✭ 140 (-36.07%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+500.91%)
H4ckerThis repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+4672.15%)