Resources: A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-24.39%)
Scripts: Scripts I use during pentest engagements.
Stars: ✭ 834 (+917.07%)
Log Requests To Sqlite: BURP extension to record every HTTP request sent via BURP and create an audit trail log of an assessment.
Stars: ✭ 44 (-46.34%)
Givingstorm: Infection vector that bypasses AV, IDS, and IPS. (For now...)
Stars: ✭ 72 (-12.2%)
Sqltabs: Rich SQL client for Postgresql, MySQL, MS SQL, Amazon Redshift, Google Firebase (Firestore)
Stars: ✭ 809 (+886.59%)
Psattack: A portable console aimed at making pentesting with PowerShell a little easier.
Stars: ✭ 1,021 (+1145.12%)
Watchad: AD Security Intrusion Detection System
Stars: ✭ 805 (+881.71%)
Awesome Oscp: A curated list of awesome OSCP resources
Stars: ✭ 804 (+880.49%)
Intrigue Core: Discover Your Attack Surface!
Stars: ✭ 1,013 (+1135.37%)
Hacker Roadmap: 📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+9353.66%)
Sap exploit: Here you can get full exploit for SAP NetWeaver AS JAVA
Stars: ✭ 60 (-26.83%)
Local File Disclosure Sql Injection Lab: This is sample code to demonstrate how one can use a SQL Injection vulnerability to download a local file from the server under specific conditions. If you have any doubt, ping me at https://twitter.com/IndiShell1046 :)
Stars: ✭ 41 (-50%)
Ossa: Open-Source Security Architecture
Stars: ✭ 796 (+870.73%)
Xorm: Simple and Powerful ORM for Go, supports mysql, postgres, tidb, sqlite3, mssql, oracle. Moved to https://gitea.com/xorm/xorm
Stars: ✭ 6,464 (+7782.93%)
Dbt Sqlserver: dbt adapter for SQL Server and Azure SQL
Stars: ✭ 41 (-50%)
Pingcastle: PingCastle - Get Active Directory Security at 80% in 20% of the time
Stars: ✭ 775 (+845.12%)
Stegextract: Detect hidden files and text in images
Stars: ✭ 79 (-3.66%)
Redsnarf: RedSnarf is a pen-testing / red-teaming tool for Windows environments
Stars: ✭ 1,109 (+1252.44%)
Rapidscan: 🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+845.12%)
Evillimiter: Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+831.71%)
Eyes: 👀 🖥️ Golang rewrite of eyes.sh. Lets you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-53.66%)
Vhostscan: A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+835.37%)
Fuxi: Penetration Testing Platform
Stars: ✭ 1,103 (+1245.12%)
Iobroker.sql: Store history data in SQL Database: MySQL, PostgreSQL or SQLite
Stars: ✭ 37 (-54.88%)
Interlace: Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+826.83%)
Weapsy: ASP.NET Core CMS
Stars: ✭ 748 (+812.2%)
Nettacker: Automated Penetration Testing Framework
Stars: ✭ 982 (+1097.56%)
Inql: InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+771.95%)
Awesome Web Security: 🐶 A curated list of Web Security materials and resources.
Stars: ✭ 6,623 (+7976.83%)
Copy2java: Burp plugin that generates Java code with one click / Generate Java script for fuzzing in Burp.
Stars: ✭ 32 (-60.98%)
Awesome Burp Suite: Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.
Stars: ✭ 712 (+768.29%)
Htshells: Self contained htaccess shells and attacks
Stars: ✭ 708 (+763.41%)
Lyricpass: Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.
Stars: ✭ 58 (-29.27%)
Passhunt: Passhunt is a simple tool for searching for default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Stars: ✭ 961 (+1071.95%)
Zeus Scanner: Advanced reconnaissance utility
Stars: ✭ 706 (+760.98%)
Sublert: Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificates.
Stars: ✭ 699 (+752.44%)
Sequelize: An easy-to-use and promise-based multi SQL dialects ORM tool for Node.js
Stars: ✭ 25,422 (+30902.44%)
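K8cscan: K8Cscan is a large-scale intranet penetration scanner with custom plugin support, covering information gathering, network assets, vulnerability scanning, password brute-forcing and vulnerability exploitation. The program uses multithreading to batch-scan hosts across multiple IP ranges and class C segments of large intranets. Current plugins include: class C segment neighbouring-site scanning, subdomain scanning, FTP password brute-forcing, MySQL password brute-forcing, Oracle password brute-forcing, MSSQL password brute-forcing, Windows/Linux system password brute-forcing, live host scanning, port scanning, web information probing, operating system version detection, Cisco device scanning, and more. It supports calling any external program or script, and supports integration with Cobalt Strike.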
Stars: ✭ 693 (+745.12%)
Deathstar: Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Stars: ✭ 1,221 (+1389.02%)
Rsf: The Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.
Stars: ✭ 76 (-7.32%)
Red Team Curation List: A list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-17.07%)
Gorose: GoRose (go orm), a mini database ORM for golang, which is inspired by the famous PHP framework Laravel's Eloquent. It will be friendly for PHP developers and Python or Ruby developers. Currently provides six major database drivers: mysql, sqlite3, postgres, oracle, mssql, Clickhouse.
Stars: ✭ 947 (+1054.88%)
Lockdoor Framework: 🔐 Lockdoor Framework: A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+725.61%)
Brutal: Payload for Teensy, like a Rubber Ducky but the syntax is different. This is a Human Interface Device (HID attacks). Penetration with Teensy. Brutal is a toolkit to quickly create various payloads, PowerShell attacks, virus attacks and launch a listener for a Human Interface Device (Payload Teensy)
Stars: ✭ 678 (+726.83%)
Dnn.azureadprovider: The DNN Azure Active Directory Provider is an Authentication provider for DNN Platform (formerly DotNetNuke) that uses Azure Active Directory OAuth2 authentication to authenticate users.
Stars: ✭ 21 (-74.39%)
Gorsair: Gorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+726.83%)
Dirsearch: Web path scanner
Stars: ✭ 7,246 (+8736.59%)
Broxy: An HTTP/HTTPS intercept proxy written in Go.
Stars: ✭ 912 (+1012.2%)
Thc Ipv6: IPv6 attack toolkit
Stars: ✭ 673 (+720.73%)
Swiftnessx: A cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (+720.73%)