FilesensorDynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具
Stars: ✭ 227 (-9.92%)
HacktricksWelcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Stars: ✭ 3,741 (+1384.52%)
EnumyLinux post exploitation privilege escalation enumeration
Stars: ✭ 210 (-16.67%)
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (-31.35%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1264.68%)
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+817.46%)
DecryptteamviewerEnumerate and decrypt TeamViewer credentials from Windows registry
Stars: ✭ 205 (-18.65%)
Attiny85RubberDucky like payloads for DigiSpark Attiny85
Stars: ✭ 169 (-32.94%)
ProgpilotA static analysis tool for security
Stars: ✭ 226 (-10.32%)
Nginx Ultimate Bad Bot BlockerNginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
Stars: ✭ 2,351 (+832.94%)
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Stars: ✭ 204 (-19.05%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-34.13%)
Cc.pyExtracting URLs of a specific target based on the results of "commoncrawl.org"
Stars: ✭ 250 (-0.79%)
PspyMonitor linux processes without root permissions
Stars: ✭ 2,470 (+880.16%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1436.9%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+814.68%)
AndroticklerPenetration testing and auditing toolkit for Android apps.
Stars: ✭ 225 (-10.71%)
PycatPython network tool, similar to Netcat with custom features.
Stars: ✭ 162 (-35.71%)
Doxboxweb-based OSINT and reconaissance toolkit
Stars: ✭ 202 (-19.84%)
Invoke ApexA PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Stars: ✭ 162 (-35.71%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (-4.37%)
Git ScannerA tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Stars: ✭ 157 (-37.7%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-21.03%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-38.1%)
ShellabLinux and Windows shellcode enrichment utility
Stars: ✭ 225 (-10.71%)
JalescJust Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box
Stars: ✭ 152 (-39.68%)
MosintAn automated e-mail OSINT tool
Stars: ✭ 184 (-26.98%)
WebhashcatHashcat web interface
Stars: ✭ 151 (-40.08%)
RspetRSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Stars: ✭ 251 (-0.4%)
CintruderCaptcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
Stars: ✭ 192 (-23.81%)
Burp Molly ScannerTurn your Burp suite into headless active web application vulnerability scanner
Stars: ✭ 146 (-42.06%)
TfsecSecurity scanner for your Terraform code
Stars: ✭ 3,622 (+1337.3%)
WincmdfuWindows one line commands that make life easier, shortcuts and command line fu.
Stars: ✭ 145 (-42.46%)
Stegseek⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️
Stars: ✭ 187 (-25.79%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-42.86%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (-5.56%)
GvmdGreenbone Vulnerability Manager
Stars: ✭ 140 (-44.44%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-25.79%)
Sqlite LabThis code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Stars: ✭ 140 (-44.44%)
Iot PtA Virtual environment for Pentesting IoT Devices
Stars: ✭ 218 (-13.49%)
NetwormPython network worm that spreads on the local network and gives the attacker control of these machines.
Stars: ✭ 135 (-46.43%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-25.79%)
EvilosxAn evil RAT (Remote Administration Tool) for macOS / OS X.
Stars: ✭ 1,826 (+624.6%)
Physmem2profitPhysmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Stars: ✭ 244 (-3.17%)
XorpassEncoder to bypass WAF filters using XOR operations
Stars: ✭ 134 (-46.83%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+994.44%)
Awesome CsirtAwesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Stars: ✭ 132 (-47.62%)
Oscp Cheat SheetThis is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Stars: ✭ 216 (-14.29%)
Rebel FrameworkAdvanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-27.38%)
Cr3dov3rKnow the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+574.6%)
TrigmapA wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-47.62%)
Pocsuite3pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Stars: ✭ 2,213 (+778.17%)
FrackerPHP function tracker
Stars: ✭ 234 (-7.14%)
Angularjs Csti ScannerAutomated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Stars: ✭ 214 (-15.08%)
SlurpEvaluate the security of S3 buckets
Stars: ✭ 183 (-27.38%)
ArcherysecCentralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (+615.08%)
Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Stars: ✭ 131 (-48.02%)
Grinder🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
Stars: ✭ 209 (-17.06%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+991.27%)