ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+97.97%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+1372.76%)
Pentesterspecialdict渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker
Stars: ✭ 391 (-20.53%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-34.96%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+151.83%)
K8toolsK8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+748.17%)
DnsprobeDNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Stars: ✭ 221 (-55.08%)
FuzzdictsWeb Pentesting Fuzz 字典,一个就够了。
Stars: ✭ 4,013 (+715.65%)
Hackers Tool KitIts a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
Stars: ✭ 211 (-57.11%)
Web BrutatorFast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-80.28%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (-33.33%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-58.33%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-81.91%)
SonarsearchA MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (-39.63%)
AzureAD Autologon BruteBrute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (-81.71%)
ras-fuzzerRAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (-91.46%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-36.99%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+142.68%)
K8cscanK8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Stars: ✭ 693 (+40.85%)
Bugcrowd Levelup Subdomain EnumerationThis repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (+4.27%)
Zydra Stars: ✭ 178 (-63.82%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-24.8%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-73.58%)
DumbDumain Bruteforcer - a fast and flexible domain bruteforcer
Stars: ✭ 54 (-89.02%)
ComPPCompany Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.
Stars: ✭ 44 (-91.06%)
uberscanSecurity program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-93.7%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+145.93%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+23.37%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-92.89%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+296.14%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-40.24%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+3.05%)
JWTweakDetects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Stars: ✭ 85 (-82.72%)
tomcter😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-96.34%)
Project BlackPentest/BugBounty progress control with scanning modules
Stars: ✭ 257 (-47.76%)
QuickScanPort scanning and domain utility.
Stars: ✭ 26 (-94.72%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (-47.97%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-45.53%)
DnstwistDomain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+534.96%)
GobusterDirectory/File, DNS and VHost busting tool written in Go
Stars: ✭ 5,356 (+988.62%)
LazyreconAn automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-42.68%)
wifi-deautherA fully automatic wifi deauther coded in Python
Stars: ✭ 25 (-94.92%)
XbruteforcerX Brute Forcer Tool 🔓 WordPress , Joomla , DruPal , OpenCart , Magento
Stars: ✭ 261 (-46.95%)
WordlistsInfosec Wordlists
Stars: ✭ 271 (-44.92%)
WirespyFramework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).
Stars: ✭ 293 (-40.45%)
CcatCloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Stars: ✭ 300 (-39.02%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+611.99%)
HettyHetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+630.89%)
KaboomA tool to automate penetration tests
Stars: ✭ 322 (-34.55%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-86.59%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+589.23%)