Hacker Roadmap📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+2527.8%)
HabuHacking Toolkit
Stars: ✭ 635 (+115.25%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+60.68%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-55.93%)
SublertSublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Stars: ✭ 699 (+136.95%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+1087.46%)
Capsulecorp PentestVagrant VirtualBox environment for conducting an internal network penetration test
Stars: ✭ 214 (-27.46%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+11055.59%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-57.63%)
KeyeKeye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Stars: ✭ 101 (-65.76%)
Awesome Hacking ResourcesA collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+3786.78%)
PortiaPortia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
Stars: ✭ 154 (-47.8%)
ArachniWeb Application Security Scanner Framework
Stars: ✭ 2,942 (+897.29%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-42.03%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+834.92%)
Andrax Mobile PentestANDRAX The first and unique Penetration Testing platform for Android smartphones
Stars: ✭ 394 (+33.56%)
SubscraperSubdomain enumeration through various techniques
Stars: ✭ 265 (-10.17%)
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Stars: ✭ 204 (-30.85%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+886.78%)
RubyfuRubyfu, where Ruby goes evil!
Stars: ✭ 228 (-22.71%)
WebmapA Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (-36.27%)
Reverse Shell GeneratorHosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
Stars: ✭ 238 (-19.32%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (-19.32%)
BlacknetFree advanced and modern Windows botnet with a nice and secure PHP panel.
Stars: ✭ 271 (-8.14%)
Ictf FrameworkThe iCTF Framework, presented by Shellphish!
Stars: ✭ 281 (-4.75%)
TechnowloggerTechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info
Stars: ✭ 172 (-41.69%)
Rebel FrameworkAdvanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-37.97%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-38.31%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1049.49%)
AboutsecurityA list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-43.73%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-32.54%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-34.58%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-35.59%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+840.68%)
Pentest WikiPENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Stars: ✭ 2,668 (+804.41%)
PayloadsGit All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+870.17%)
HydrafwHydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
Stars: ✭ 165 (-44.07%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (-52.54%)
xecaPowerShell payload generator
Stars: ✭ 103 (-65.08%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-51.86%)
minipwnerA script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".
Stars: ✭ 53 (-82.03%)
tryhackme-ctfTryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (-52.54%)
PyParser-CVEMulti source CVE/exploit parser.
Stars: ✭ 25 (-91.53%)
haiti🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (-2.71%)
PXXTFFramework For Exploring kernel vulnerabilities, network vulnerabilities ✨
Stars: ✭ 23 (-92.2%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+1159.32%)
argusArgus Advanced Remote & Local Keylogger For macOS and Windows
Stars: ✭ 87 (-70.51%)
MyJWTA cli for cracking, testing vulnerabilities on Json Web Token(JWT)
Stars: ✭ 92 (-68.81%)
huntkitDocker - Ubuntu with a bunch of PenTesting tools and wordlists
Stars: ✭ 51 (-82.71%)
ggtfobinsGet GTFOBins info about a given exploit from the command line
Stars: ✭ 27 (-90.85%)
spellbookFramework for rapid development and reusable of security tools
Stars: ✭ 67 (-77.29%)