Spaces FinderA tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-46.26%)
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-44.49%)
OblivionData leak checker & OSINT Tool
Stars: ✭ 237 (+4.41%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (+12.78%)
Ldap searchPython3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-65.64%)
TtpsTactics, Techniques, and Procedures
Stars: ✭ 335 (+47.58%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+63%)
H8mailEmail OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Stars: ✭ 2,163 (+852.86%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+2620.26%)
Linkedin2usernameOSINT Tool: Generate username lists for companies on LinkedIn
Stars: ✭ 504 (+122.03%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+219.38%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-42.29%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+412.78%)
Gray hat csharp codeThis repository contains full code examples from the book Gray Hat C#
Stars: ✭ 301 (+32.6%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+709.25%)
Nimscan🚀 Fast Port Scanner 🚀
Stars: ✭ 134 (-40.97%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-36.56%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+1111.45%)
PdlistA passive subdomain finder
Stars: ✭ 204 (-10.13%)
JwtcatA CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Stars: ✭ 181 (-20.26%)
Twitter IntelligenceTwitter Intelligence OSINT project performs tracking and analysis of the Twitter
Stars: ✭ 179 (-21.15%)
MalwlessTest Blue Team detections without running any attack.
Stars: ✭ 215 (-5.29%)
Commit Stream#OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
Stars: ✭ 204 (-10.13%)
CypherothAutomated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
Stars: ✭ 179 (-21.15%)
Iposint⚠️WARNING: This project now become part of https://github.com/j3ssie/Metabigor project
Stars: ✭ 178 (-21.59%)
RogueAn extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
Stars: ✭ 225 (-0.88%)
AaiaAWS Identity and Access Management Visualizer and Anomaly Finder
Stars: ✭ 218 (-3.96%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1606.17%)
PoshkeepassPowerShell module for KeePass
Stars: ✭ 177 (-22.03%)
PwnbackBurp Extender plugin that generates a sitemap of a website using Wayback Machine
Stars: ✭ 203 (-10.57%)
IvreNetwork recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Stars: ✭ 2,331 (+926.87%)
Iot PtA Virtual environment for Pentesting IoT Devices
Stars: ✭ 218 (-3.96%)
Doxboxweb-based OSINT and reconaissance toolkit
Stars: ✭ 202 (-11.01%)
YarYar is a tool for plunderin' organizations, users and/or repositories.
Stars: ✭ 174 (-23.35%)
Xerrorfully automated pentesting tool
Stars: ✭ 173 (-23.79%)
HawkeyeHawkeye filesystem analysis tool
Stars: ✭ 202 (-11.01%)
HacktricksWelcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Stars: ✭ 3,741 (+1548.02%)
MaigretOSINT username checker. Collect a dossier on a person by username from a huge number of sites.
Stars: ✭ 219 (-3.52%)
ShellabLinux and Windows shellcode enrichment utility
Stars: ✭ 225 (-0.88%)
Darkspiritz🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Stars: ✭ 219 (-3.52%)
DiscoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+1022.47%)
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (-23.79%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-12.33%)
KillchainA unified console to perform the "kill chain" stages of attacks.
Stars: ✭ 172 (-24.23%)
SerpentineC++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Stars: ✭ 216 (-4.85%)
Misp ModulesModules for expansion services, import and export in MISP
Stars: ✭ 198 (-12.78%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-24.67%)
StracciatellaOpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Stars: ✭ 171 (-24.67%)
PockintA portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (-13.66%)
Community ThreatsThe GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
Stars: ✭ 169 (-25.55%)
Attiny85RubberDucky like payloads for DigiSpark Attiny85
Stars: ✭ 169 (-25.55%)
OsweepDon't Just Search OSINT. Sweep It.
Stars: ✭ 225 (-0.88%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-4.85%)