DirsearchWeb path scanner
Stars: ✭ 7,246 (+27.41%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (-51.2%)
SubtakeAutomatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.
Stars: ✭ 104 (-98.17%)
JusttryharderJustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Stars: ✭ 450 (-92.09%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-98.91%)
PrismaticaResponsive Command and Control System
Stars: ✭ 81 (-98.58%)
WincmdfuWindows one line commands that make life easier, shortcuts and command line fu.
Stars: ✭ 145 (-97.45%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (-95.5%)
GetjsA tool to fastly get all javascript sources/files
Stars: ✭ 190 (-96.66%)
PhishapiComprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Stars: ✭ 272 (-95.22%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-86.37%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (-79%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-80.02%)
Spaces FinderA tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-97.85%)
Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Stars: ✭ 131 (-97.7%)
HawkeyeHawkeye filesystem analysis tool
Stars: ✭ 202 (-96.45%)
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-98.15%)
Apac ConferencesA community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
Stars: ✭ 90 (-98.42%)
GrammarinatorANTLR v4 grammar-based test generator
Stars: ✭ 162 (-97.15%)
QuickScanPort scanning and domain utility.
Stars: ✭ 26 (-99.54%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (-95.82%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-94.37%)
HettyHetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (-36.77%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (-26.82%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (-88.08%)
NmapIdiomatic nmap library for go developers
Stars: ✭ 391 (-93.12%)
Passphrase WordlistPassphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (-90.22%)
Mongoaudit🔥 A powerful MongoDB auditing and pentesting tool 🔥
Stars: ✭ 1,174 (-79.36%)
Red Team Curation ListA list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-98.8%)
Pentesting toolkit🏴☠️ Tools for pentesting, CTFs & wargames. 🏴☠️
Stars: ✭ 1,268 (-77.7%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (-1.27%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (-65.73%)
Mitmap📡 A python program to create a fake AP and sniff data.
Stars: ✭ 1,526 (-73.17%)
MetabigorIntelligence tool but without API key
Stars: ✭ 424 (-92.54%)
AnsvifA Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (-98.12%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (-51.5%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-96.8%)
Scout🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Stars: ✭ 241 (-95.76%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-91.05%)
Deimosc2DeimosC2 is a Golang command and control framework for post-exploitation.
Stars: ✭ 423 (-92.56%)
FleetA flexible control server for osquery fleets
Stars: ✭ 1,068 (-81.22%)
SlurpEvaluate the security of S3 buckets
Stars: ✭ 183 (-96.78%)
Ciphey⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+60.3%)
SimpleKeyloggerSimple Keylogger with smtp to send emails on your account using python works on linux and Windows
Stars: ✭ 32 (-99.44%)
giggerGit folder digger, I'm sure it's worthwhile stuff.
Stars: ✭ 39 (-99.31%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-95.29%)
Name That Hash🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥
Stars: ✭ 540 (-90.5%)
FuzzdictsWeb Pentesting Fuzz 字典,一个就够了。
Stars: ✭ 4,013 (-29.44%)
Gray hat csharp codeThis repository contains full code examples from the book Gray Hat C#
Stars: ✭ 301 (-94.71%)
Rustscan🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (-8.25%)
Xunfeng巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (-44.94%)
SpiderfootSpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+21.01%)
Dradis CeDradis Framework: Colllaboration and reporting for IT Security teams
Stars: ✭ 443 (-92.21%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+10.25%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (-43.77%)
SecuritymanageframworkSecurity Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (-93.35%)
ApkurlgrepExtract endpoints from APK files
Stars: ✭ 405 (-92.88%)