Sh00tSecurity Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
Stars: ✭ 245 (+26.29%)
reverieAutomated Pentest Tools Designed For Parrot Linux
Stars: ✭ 77 (-60.31%)
Wifi DumperThis is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements.
Stars: ✭ 242 (+24.74%)
AshokAshok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
Stars: ✭ 109 (-43.81%)
RubyfuRubyfu, where Ruby goes evil!
Stars: ✭ 228 (+17.53%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-70.1%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+1330.41%)
c2A simple, extensible C&C beaconing system.
Stars: ✭ 93 (-52.06%)
Darkspiritz🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Stars: ✭ 219 (+12.89%)
ADMMutateClassic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…
Stars: ✭ 69 (-64.43%)
Werdlists⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (+11.34%)
metagoofilSearch Google and download specific file types
Stars: ✭ 174 (-10.31%)
Capsulecorp PentestVagrant VirtualBox environment for conducting an internal network penetration test
Stars: ✭ 214 (+10.31%)
pyhtoolsA Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
Stars: ✭ 166 (-14.43%)
HakkuframeworkHakku Framework penetration testing
Stars: ✭ 205 (+5.67%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (+7.22%)
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Stars: ✭ 204 (+5.15%)
mec-ngpentest toolbox
Stars: ✭ 28 (-85.57%)
Dark-PhishDark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.
Stars: ✭ 57 (-70.62%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+2.58%)
xmlrpc-bruteforcerAn XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)
Stars: ✭ 62 (-68.04%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-2.06%)
peniotPENIOT: Penetration Testing Tool for IoT
Stars: ✭ 164 (-15.46%)
WebmapA Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (-3.09%)
Andrax Mobile PentestANDRAX The first and unique Penetration Testing platform for Android smartphones
Stars: ✭ 394 (+103.09%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-76.8%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (-5.67%)
hathiA dictionary attack tool for PostgreSQL and MSSQL
Stars: ✭ 33 (-82.99%)
Nndefacctsnnposter's alternate fingerprint dataset for Nmap script http-default-accounts
Stars: ✭ 180 (-7.22%)
huntkitDocker - Ubuntu with a bunch of PenTesting tools and wordlists
Stars: ✭ 51 (-73.71%)
Arp SpooferA pure-Python ARP Cache Poisoning (a.k.a "ARP Spoofing") tool
Stars: ✭ 180 (-7.22%)
frisbeeCollect email addresses by crawling search engine results.
Stars: ✭ 29 (-85.05%)
TcpproxyIntercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic
Stars: ✭ 176 (-9.28%)
peneworkPenetration Test Framwork
Stars: ✭ 24 (-87.63%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-10.82%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (-27.84%)
RapidpayloadFramework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion
Stars: ✭ 174 (-10.31%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-92.27%)
SmogcloudFind cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-13.4%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+51.55%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-14.43%)
warfWARF is a Web Application Reconnaissance Framework that helps to gather information about the target.
Stars: ✭ 53 (-72.68%)
HydrafwHydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
Stars: ✭ 165 (-14.95%)
cdCloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-82.99%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1088.14%)
DarksideTool Information Gathering & social engineering Write By [Python,JS,PHP]
Stars: ✭ 159 (-18.04%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-50.52%)
PortiaPortia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
Stars: ✭ 154 (-20.62%)
WPCrackerWordPress pentest tool
Stars: ✭ 34 (-82.47%)
lavaMicrosoft Azure Exploitation Framework
Stars: ✭ 46 (-76.29%)
PwnX.py🏴☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (-84.54%)
pentesting-notesNotes from OSCP, CTF, security adventures, etc...
Stars: ✭ 38 (-80.41%)
TokenBreakerJSON RSA to HMAC and None Algorithm Vulnerability POC
Stars: ✭ 51 (-73.71%)
goLazagneGo library for credentials recovery
Stars: ✭ 177 (-8.76%)
webreconAutomated Web Recon Shell Scripts
Stars: ✭ 48 (-75.26%)
SSI Extra MaterialsIn my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (-78.35%)