Sudo killerA tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+1477.94%)
gtfoSearch for Unix binaries that can be exploited to bypass system security restrictions.
Stars: ✭ 88 (+29.41%)
Pentesting toolkit🏴☠️ Tools for pentesting, CTFs & wargames. 🏴☠️
Stars: ✭ 1,268 (+1764.71%)
Gtfobins.github.ioGTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Stars: ✭ 6,030 (+8767.65%)
BellaBella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻
Stars: ✭ 112 (+64.71%)
SilentbridgeSilentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (+100%)
PspyMonitor linux processes without root permissions
Stars: ✭ 2,470 (+3532.35%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (+250%)
RspetRSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Stars: ✭ 251 (+269.12%)
Ctf ToolsUseful CTF Tools
Stars: ✭ 190 (+179.41%)
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+1816.18%)
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (+32.35%)
EvilosxAn evil RAT (Remote Administration Tool) for macOS / OS X.
Stars: ✭ 1,826 (+2585.29%)
Linux Smart EnumerationLinux enumeration tool for pentesting and CTFs with verbosity levels
Stars: ✭ 1,956 (+2776.47%)
Dns PersistDNS-Persist is a post-exploitation agent which uses DNS for command and control.
Stars: ✭ 191 (+180.88%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (+183.82%)
getroot🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS
Stars: ✭ 34 (-50%)
Suid3numA standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
Stars: ✭ 342 (+402.94%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (+422.06%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+6020.59%)
SifterSifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (+492.65%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+461.76%)
ToratToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication
Stars: ✭ 415 (+510.29%)
CovertutilsA framework for Backdoor development!
Stars: ✭ 424 (+523.53%)
ThoronThoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (+27.94%)
VenomVenom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (+1705.88%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (+91.18%)
KarkinosPenetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Stars: ✭ 115 (+69.12%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (+111.76%)
Privilege EscalationThis cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
Stars: ✭ 2,117 (+3013.24%)
Stegseek⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️
Stars: ✭ 187 (+175%)
SpellbookMicro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-22.06%)
EnumdbRelational database brute force and post exploitation tool for MySQL and MSSQL
Stars: ✭ 167 (+145.59%)
Awesome Terminal CommandsAn awesome resource listing and explaining various commonly used *nix commands
Stars: ✭ 109 (+60.29%)
Punk.pyunix SSH post-exploitation 1337 tool
Stars: ✭ 107 (+57.35%)
Awesome Hacking ResourcesA collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+16761.76%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+648.53%)
InjuredandroidA vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Stars: ✭ 317 (+366.18%)
UptuxLinux privilege escalation checks (systemd, dbus, socket fun, etc)
Stars: ✭ 260 (+282.35%)
K8toolsK8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+6036.76%)
StegcrackerSteganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (+482.35%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+48295.59%)
SpoilerwallSpoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Stars: ✭ 754 (+1008.82%)
PrivesccheckPrivilege Escalation Enumeration Script for Windows
Stars: ✭ 1,032 (+1417.65%)
Stowaway👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (+635.29%)
Ciphey⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+13305.88%)
Platypus🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+722.06%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+9120.59%)
ProtonProton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (+108.82%)
LeprechaunThis tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.
Stars: ✭ 232 (+241.18%)
juice-shop-ctfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
Stars: ✭ 287 (+322.06%)
PupyPupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Stars: ✭ 6,737 (+9807.35%)