PentestkitUseful tools and scripts during Penetration Testing engagements
Stars: ✭ 463 (+194.9%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+660.51%)
Cr3dov3rKnow the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+982.8%)
MarsnakeSystem Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-89.81%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+649.04%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-20.38%)
DeepseaDeepSea Phishing Gear
Stars: ✭ 96 (-38.85%)
SecuritySome of my security stuff and vulnerabilities. Nothing advanced. More to come.
Stars: ✭ 835 (+431.85%)
Burp Send ToAdds a customizable "Send to..."-context-menu to your BurpSuite.
Stars: ✭ 114 (-27.39%)
BruteCredential stuffing engine built for security professionals
Stars: ✭ 435 (+177.07%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-54.14%)
JalescJust Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box
Stars: ✭ 152 (-3.18%)
NfcgateAn NFC research toolkit application for Android
Stars: ✭ 425 (+170.7%)
OscpOur OSCP repo: from popping shells to mental health.
Stars: ✭ 71 (-54.78%)
CovertutilsA framework for Backdoor development!
Stars: ✭ 424 (+170.06%)
DockleContainer Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Stars: ✭ 1,713 (+991.08%)
PentestingazureappsScript samples from the book Pentesting Azure Applications (2018, No Starch Press)
Stars: ✭ 69 (-56.05%)
0xsp Mongoosea unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Stars: ✭ 419 (+166.88%)
Pocsuite3pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Stars: ✭ 2,213 (+1309.55%)
HashtopolisA Hashcat wrapper for distributed hashcracking
Stars: ✭ 835 (+431.85%)
Cloud Security AuditA command line security audit tool for Amazon Web Services
Stars: ✭ 68 (-56.69%)
HellraiserVulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+163.06%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-28.03%)
Github DorksFind leaked secrets via github search
Stars: ✭ 1,332 (+748.41%)
SessiongopherSessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (+430.57%)
GtfonowAutomatic privilege escalation for misconfigured capabilities, sudo and suid binaries
Stars: ✭ 68 (-56.69%)
Gcp AuditA tool for auditing security properties of GCP projects.
Stars: ✭ 140 (-10.83%)
LynisLynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+5719.75%)
Ciphey⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+5706.37%)
StegcrackerSteganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (+152.23%)
Envizonnetwork visualization & vulnerability management/reporting
Stars: ✭ 382 (+143.31%)
XshockXSHOCK Shellshock Exploit
Stars: ✭ 65 (-58.6%)
Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Stars: ✭ 131 (-16.56%)
SubrakeA Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Stars: ✭ 125 (-20.38%)
Win PortfwdPowershell script to setup windows port forwarding using native netsh client
Stars: ✭ 95 (-39.49%)
Cs SuiteCloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Stars: ✭ 815 (+419.11%)
SqlmapAutomatic SQL injection and database takeover tool
Stars: ✭ 21,907 (+13853.5%)
Attack Surface Detector BurpThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 63 (-59.87%)
KccssKubernetes Common Configuration Scoring System
Stars: ✭ 111 (-29.3%)
RaasnetOpen-Source Ransomware As A Service for Linux, MacOS and Windows
Stars: ✭ 371 (+136.31%)
Resource filesmosquito - Automating reconnaissance and brute force attacks
Stars: ✭ 95 (-39.49%)
SprayingtoolkitScripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Stars: ✭ 802 (+410.83%)
FuxiPenetration Testing Platform
Stars: ✭ 1,103 (+602.55%)
Awesome OscpA curated list of awesome OSCP resources
Stars: ✭ 804 (+412.1%)
RidrelayEnumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
Stars: ✭ 359 (+128.66%)
PakuriPenetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (-20.38%)
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-40.13%)
OssaOpen-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (+407.01%)
GoscanInteractive Network Scanner
Stars: ✭ 795 (+406.37%)
ErodirA fast web directory/file enumeration tool written in Rust
Stars: ✭ 94 (-40.13%)
PompemFind exploit tool
Stars: ✭ 786 (+400.64%)
PrivescA collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+400.64%)
Mix audit🕵️♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities
Stars: ✭ 146 (-7.01%)
Sec ToolsDocker images for infosec tools
Stars: ✭ 135 (-14.01%)
Struts2 check一个用于识别目标网站是否采用Struts2框架开发的工具demo
Stars: ✭ 124 (-21.02%)
Foolavcfoolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
Stars: ✭ 93 (-40.76%)