ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+214.19%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+58.71%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-88.71%)
XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+88.06%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (+5.81%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+528.71%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-49.68%)
SocialfishPhishing Tool & Information Collector
Stars: ✭ 2,522 (+713.55%)
GetjsA tool to fastly get all javascript sources/files
Stars: ✭ 190 (-38.71%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-54.19%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (-66.13%)
project-blackPentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (-10%)
CcatCloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Stars: ✭ 300 (-3.23%)
XssmapXSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
Stars: ✭ 134 (-56.77%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-54.84%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-41.29%)
PasscatPasswords Recovery Tool
Stars: ✭ 164 (-47.1%)
CommixAutomated All-in-One OS Command Injection Exploitation Tool.
Stars: ✭ 3,016 (+872.9%)
Cc.pyExtracting URLs of a specific target based on the results of "commoncrawl.org"
Stars: ✭ 250 (-19.35%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-90%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1149.35%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-72.9%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-72.58%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-92.26%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+1030%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-86.13%)
SecurityExplainedSecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
Stars: ✭ 301 (-2.9%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (-17.42%)
TrigmapA wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-57.42%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-57.74%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-53.55%)
Evil WinrmThe ultimate WinRM shell for hacking/pentesting
Stars: ✭ 2,251 (+626.13%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-42.9%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-39.68%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-58.06%)
Oscp Cheat SheetThis is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Stars: ✭ 216 (-30.32%)
Capsulecorp PentestVagrant VirtualBox environment for conducting an internal network penetration test
Stars: ✭ 214 (-30.97%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-5.16%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-89.35%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-90.65%)
HettyHetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+1060%)
Cloud BusterA Cloudflare resolver that works
Stars: ✭ 128 (-58.71%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-13.55%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+290.32%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+63.55%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-87.74%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-95.48%)
spellbookFramework for rapid development and reusable of security tools
Stars: ✭ 67 (-78.39%)
Project BlackPentest/BugBounty progress control with scanning modules
Stars: ✭ 257 (-17.1%)
xssmapIntelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (-65.48%)
avainA Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-81.94%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-78.71%)
LazyreconAn automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-9.03%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-33.87%)
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-59.35%)