Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+2597.26%)
skweezFast website scraper and wordlist generator
Stars: ✭ 49 (-32.88%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+4698.63%)
LazyreconAn automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (+286.3%)
PwnedPasswordsCheckerSearch (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)
Stars: ✭ 52 (-28.77%)
SublertSublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Stars: ✭ 699 (+857.53%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (+97.26%)
Mr.sipSIP-Based Audit and Attack Tool
Stars: ✭ 266 (+264.38%)
Spray365Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
Stars: ✭ 233 (+219.18%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-57.53%)
Cheat-Sheet---Active-DirectoryThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.
Stars: ✭ 154 (+110.96%)
Hadoop Attack LibraryA collection of pentest tools and resources targeting Hadoop environments
Stars: ✭ 228 (+212.33%)
K8cscanK8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Stars: ✭ 693 (+849.32%)
Pentestsome pentest scripts & tools by [email protected]
Stars: ✭ 136 (+86.3%)
Project BlackPentest/BugBounty progress control with scanning modules
Stars: ✭ 257 (+252.05%)
WavecrackWavestone's web interface for password cracking with hashcat
Stars: ✭ 135 (+84.93%)
WriteupsThis repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-16.44%)
Industrial-Security-Auditing-FrameworkISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.
Stars: ✭ 43 (-41.1%)
Awesome VulnerableA curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (+82.19%)
avainA Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-23.29%)
WireBugWireBug is a toolset for Voice-over-IP penetration testing
Stars: ✭ 142 (+94.52%)
Evil WinrmThe ultimate WinRM shell for hacking/pentesting
Stars: ✭ 2,251 (+2983.56%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-41.1%)
LiteOTPMulti OTP Spam Amp/Paralell threads
Stars: ✭ 50 (-31.51%)
PentaOpen source all-in-one CLI tool to semi-automate pentesting.
Stars: ✭ 130 (+78.08%)
MS17010EXPLadon Moudle MS17010 Exploit for PowerShell
Stars: ✭ 40 (-45.21%)
mobilehacktoolsA repository for scripting a mobile attack toolchain
Stars: ✭ 61 (-16.44%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (+78.08%)
GetPwdIt's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)
Stars: ✭ 46 (-36.99%)
SkrullSkrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted.
Stars: ✭ 413 (+465.75%)
winallenumThis powershell script has got to run in remote hacked windows host, even for pivoting
Stars: ✭ 13 (-82.19%)
Cloud BusterA Cloudflare resolver that works
Stars: ✭ 128 (+75.34%)
oscpMy notebook for OSCP Lab
Stars: ✭ 22 (-69.86%)
IAT APIAssembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.
Stars: ✭ 63 (-13.7%)
organonThis program focuses on automating the download, installation and compilation of pentest tools from source
Stars: ✭ 36 (-50.68%)
Nraynray distributed port scanner
Stars: ✭ 125 (+71.23%)
window-ratThe purpose of this tool is to test the window10 defender protection and also other antivirus protection.
Stars: ✭ 59 (-19.18%)
Searpy🥀 Search Engine Tookit,URL采集、Favicon哈希值查找真实IP、子域名查找
Stars: ✭ 104 (+42.47%)
PurplecloudAn Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
Stars: ✭ 122 (+67.12%)
PhirauteeA proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.
Stars: ✭ 96 (+31.51%)
awesome-api-securityA collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Stars: ✭ 2,079 (+2747.95%)
MailRipV3SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Stars: ✭ 28 (-61.64%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+2569.86%)
dwnd(ockerp)wn - a docker pwn tool manager
Stars: ✭ 154 (+110.96%)
EvilurlGenerate unicode evil domains for IDN Homograph Attack and detect them.
Stars: ✭ 654 (+795.89%)
PatatorPatator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Stars: ✭ 2,792 (+3724.66%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+783.56%)
HabuHacking Toolkit
Stars: ✭ 635 (+769.86%)
atermIt records your terminal, then lets you upload to ASHIRT
Stars: ✭ 17 (-76.71%)
Pentest WikiPENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Stars: ✭ 2,668 (+3554.79%)
Reconspider🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (+750.68%)
MsdatMSDAT: Microsoft SQL Database Attacking Tool
Stars: ✭ 621 (+750.68%)
RunascsRunasCs - Csharp and open version of windows builtin runas.exe
Stars: ✭ 216 (+195.89%)