reconmapVulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (+734.48%)
SwiftnessxA cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (+2220.69%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+11758.62%)
Black WidowGUI based offensive penetration testing tool (Open Source)
Stars: ✭ 124 (+327.59%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+913.79%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+555.17%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+389.66%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-51.72%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (+382.76%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+1241.38%)
Awesome HackingA collection of various awesome lists for hackers, pentesters and security researchers
Stars: ✭ 48,038 (+165548.28%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+6548.28%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (+48.28%)
KeyeKeye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Stars: ✭ 101 (+248.28%)
ArachniWeb Application Security Scanner Framework
Stars: ✭ 2,942 (+10044.83%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (+331.03%)
SublertSublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Stars: ✭ 699 (+2310.34%)
Mssqli DuetSQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (+182.76%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (+310.34%)
clairvoyanceObtain GraphQL API Schema even if the introspection is not enabled
Stars: ✭ 448 (+1444.83%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+24886.21%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+403.45%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (+72.41%)
roboxtractorExtract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (+37.93%)
xecaPowerShell payload generator
Stars: ✭ 103 (+255.17%)
hasherbasherSQL injection via bruteforced MD5 hash reflection of random strings
Stars: ✭ 40 (+37.93%)
Bug-HuntingA Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.
Stars: ✭ 110 (+279.31%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (+231.03%)
pyhtoolsA Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
Stars: ✭ 166 (+472.41%)
lavaMicrosoft Azure Exploitation Framework
Stars: ✭ 46 (+58.62%)
remote-adb-scanpure python remote adb scanner + nmap scan module
Stars: ✭ 19 (-34.48%)
GoPhish-TemplatesGoPhish Templates that I have retired and/or templates I've recreated.
Stars: ✭ 76 (+162.07%)
DevBrute-A Password Brute ForcerDevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.
Stars: ✭ 91 (+213.79%)
SSI Extra MaterialsIn my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (+44.83%)
tryhackme-ctfTryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (+382.76%)
hathiA dictionary attack tool for PostgreSQL and MSSQL
Stars: ✭ 33 (+13.79%)
Intel-OneCommand line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…
Stars: ✭ 23 (-20.69%)
mec-ngpentest toolbox
Stars: ✭ 28 (-3.45%)
Awesome-CyberSec-ResourcesAn awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)
Stars: ✭ 273 (+841.38%)
LscriptThe LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+10437.93%)
Sh00tSecurity Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
Stars: ✭ 245 (+744.83%)
frisbeeCollect email addresses by crawling search engine results.
Stars: ✭ 29 (+0%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+731.03%)
Wifi DumperThis is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements.
Stars: ✭ 242 (+734.48%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (+100%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (+51.72%)
minipwnerA script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".
Stars: ✭ 53 (+82.76%)
brutekragPenetration tests on SSH servers using brute force or dictionary attacks. Written in Python.
Stars: ✭ 30 (+3.45%)
Icg AutoexploiterbotWordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥
Stars: ✭ 242 (+734.48%)
RubyfuRubyfu, where Ruby goes evil!
Stars: ✭ 228 (+686.21%)
fleexFleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
Stars: ✭ 181 (+524.14%)
ArmorArmor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.
Stars: ✭ 228 (+686.21%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+444.83%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+9468.97%)
Darkspiritz🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Stars: ✭ 219 (+655.17%)