PrintspooferAbusing Impersonation Privileges on Windows 10 and Server 2019
Stars: ✭ 613 (+588.76%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+582.02%)
DirhuntFind web directories without bruteforce
Stars: ✭ 983 (+1004.49%)
XsserCross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Stars: ✭ 606 (+580.9%)
DotdotpwnDotDotPwn - The Directory Traversal Fuzzer
Stars: ✭ 601 (+575.28%)
Scanners BoxA powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑
Stars: ✭ 5,590 (+6180.9%)
MonkeyInfection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+6160.67%)
StegextractDetect hidden files and text in images
Stars: ✭ 79 (-11.24%)
Attack Surface Detector BurpThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 63 (-29.21%)
Holeheholehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
Stars: ✭ 568 (+538.2%)
GoscanInteractive Network Scanner
Stars: ✭ 795 (+793.26%)
Damn Vulnerable Graphql ApplicationDamn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Stars: ✭ 567 (+537.08%)
Mongoaudit🔥 A powerful MongoDB auditing and pentesting tool 🔥
Stars: ✭ 1,174 (+1219.1%)
PrivescA collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+783.15%)
StargatherA fast GitHub stargazers information gathering tool
Stars: ✭ 30 (-66.29%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (+533.71%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+337.08%)
OscpMy OSCP journey
Stars: ✭ 50 (-43.82%)
Dsinternals Directory Services Internals (DSInternals) PowerShell Module and Framework
Stars: ✭ 776 (+771.91%)
Pentesting CookbookA set of recipes useful in pentesting and red teaming scenarios
Stars: ✭ 82 (-7.87%)
NeedleThe iOS Security Testing Framework
Stars: ✭ 1,122 (+1160.67%)
P0wny ShellSingle-file PHP shell
Stars: ✭ 949 (+966.29%)
Platypus🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+528.09%)
Osi.igInformation Gathering Instagram.
Stars: ✭ 377 (+323.6%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+770.79%)
SsrfmapSimple Server Side Request Forgery services enumeration tool.
Stars: ✭ 50 (-43.82%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+6577.53%)
Netmap.jsFast browser-based network discovery module
Stars: ✭ 70 (-21.35%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+6838.2%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+761.8%)
BlackratBlackRAT - Java Based Remote Administrator Tool
Stars: ✭ 87 (-2.25%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 6,284 (+6960.67%)
Decoder Plus PlusAn extensible application for penetration testers and software developers to decode/encode data into various formats.
Stars: ✭ 79 (-11.24%)
Fwdsh3llForward shell generation framework
Stars: ✭ 62 (-30.34%)
InfogaInfoga - Email OSINT
Stars: ✭ 947 (+964.04%)
Th3inspectorTh3Inspector 🕵️ Best Tool For Information Gathering 🔎
Stars: ✭ 1,041 (+1069.66%)
SitadelWeb Application Security Scanner
Stars: ✭ 360 (+304.49%)
Pentesting toolkit🏴☠️ Tools for pentesting, CTFs & wargames. 🏴☠️
Stars: ✭ 1,268 (+1324.72%)
Github ReconGitHub Recon — and what you can achieve with it!
Stars: ✭ 47 (-47.19%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+287.64%)
Easy hackHack the World using Termux
Stars: ✭ 549 (+516.85%)
ZenFind emails of Github users
Stars: ✭ 343 (+285.39%)
InstatrackConvert Instagram user ID to username & vice versa
Stars: ✭ 70 (-21.35%)
UrlextractorInformation gathering & website reconnaissance | https://phishstats.info/
Stars: ✭ 341 (+283.15%)
Linuxprivcheckerlinuxprivchecker.py -- a Linux Privilege Escalation Check Script
Stars: ✭ 715 (+703.37%)
TtpsTactics, Techniques, and Procedures
Stars: ✭ 335 (+276.4%)
Owasp MasvsThe Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
Stars: ✭ 1,030 (+1057.3%)
DawsAdvanced Web Shell
Stars: ✭ 551 (+519.1%)
Sherlock🔎 Hunt down social media accounts by username across social networks
Stars: ✭ 28,569 (+32000%)
GogitdumperDump exposed HTTP .git fast
Stars: ✭ 27 (-69.66%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+36876.4%)
ScantronA distributed nmap / masscan scanning framework complete with an API client for automation workflows
Stars: ✭ 542 (+508.99%)
BroxyAn HTTP/HTTPS intercept proxy written in Go.
Stars: ✭ 912 (+924.72%)
AwspxA graph-based tool for visualizing effective access and resource relationships in AWS environments.
Stars: ✭ 546 (+513.48%)