FuseA penetration testing tool for finding file upload bugs (NDSS 2020)
Stars: ✭ 147 (-28.29%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+840.49%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (-36.59%)
SilentbridgeSilentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (-33.66%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-8.78%)
Buffer overflowDon't let buffer overflows overflow your mind
Stars: ✭ 131 (-36.1%)
Pe LinuxLinux Privilege Escalation Tool By WazeHell
Stars: ✭ 168 (-18.05%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-20.98%)
Msploitego Pentesting suite for Maltego based on data in a Metasploit database
Stars: ✭ 124 (-39.51%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-28.78%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-7.8%)
Print My ShellPython script wrote to automate the process of generating various reverse shells.
Stars: ✭ 140 (-31.71%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+789.76%)
DiscoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+1142.93%)
Awesome VulnerableA curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (-35.12%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-16.59%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+1245.37%)
Awesome Hacking ResourcesA collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+5493.17%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1024.39%)
Black WidowGUI based offensive penetration testing tool (Open Source)
Stars: ✭ 124 (-39.51%)
Nndefacctsnnposter's alternate fingerprint dataset for Nmap script http-default-accounts
Stars: ✭ 180 (-12.2%)
DarksideTool Information Gathering & social engineering Write By [Python,JS,PHP]
Stars: ✭ 159 (-22.44%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-7.32%)
PortiaPortia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
Stars: ✭ 154 (-24.88%)
Arp SpooferA pure-Python ARP Cache Poisoning (a.k.a "ARP Spoofing") tool
Stars: ✭ 180 (-12.2%)
DnsmorphDomain name permutation engine written in Go
Stars: ✭ 148 (-27.8%)
AstraAutomated Security Testing For REST API's
Stars: ✭ 1,898 (+825.85%)
TcpproxyIntercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic
Stars: ✭ 176 (-14.15%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-31.71%)
WebmapA Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (-8.29%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-15.61%)
Information SecurityA place where I can create, collect and share tooling, resources and knowledge about information security.
Stars: ✭ 135 (-34.15%)
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Stars: ✭ 204 (-0.49%)
XssmapXSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
Stars: ✭ 134 (-34.63%)
RapidpayloadFramework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion
Stars: ✭ 174 (-15.12%)
TrigmapA wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-35.61%)
Andrax Mobile PentestANDRAX The first and unique Penetration Testing platform for Android smartphones
Stars: ✭ 394 (+92.2%)
SmogcloudFind cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-18.05%)
OscprepoA list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
Stars: ✭ 1,916 (+834.63%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-2.93%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-39.02%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-19.02%)
PakuriPenetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (-39.02%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (-10.73%)
HydrafwHydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
Stars: ✭ 165 (-19.51%)
LnkupGenerates malicious LNK file payloads for data exfiltration
Stars: ✭ 205 (+0%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1789.27%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-5.85%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-11.22%)
PacuThe AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Stars: ✭ 2,451 (+1095.61%)