CrosslinkedLinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Stars: ✭ 223 (+277.97%)
Darkspiritz🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Stars: ✭ 219 (+271.19%)
TigersharkBilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Stars: ✭ 212 (+259.32%)
Socialfishmobile📱 🐟 An app to remote control SocialFish.
Stars: ✭ 200 (+238.98%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+4561.02%)
FoolavPentest tool for antivirus evasion and running arbitrary payload on target Wintel host
Stars: ✭ 181 (+206.78%)
KillchainA unified console to perform the "kill chain" stages of attacks.
Stars: ✭ 172 (+191.53%)
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+3818.64%)
PymetaPymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Stars: ✭ 170 (+188.14%)
ZigdiggityA ZigBee hacking toolkit by Bishop Fox
Stars: ✭ 169 (+186.44%)
Attiny85RubberDucky like payloads for DigiSpark Attiny85
Stars: ✭ 169 (+186.44%)
Finshir💫 An asynchronous Low & Slow traffic generator, written in Rust
Stars: ✭ 168 (+184.75%)
EnumdbRelational database brute force and post exploitation tool for MySQL and MSSQL
Stars: ✭ 167 (+183.05%)
Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+3237.29%)
DarksideTool Information Gathering & social engineering Write By [Python,JS,PHP]
Stars: ✭ 159 (+169.49%)
Git ScannerA tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Stars: ✭ 157 (+166.1%)
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (+154.24%)
DirmapAn advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
Stars: ✭ 2,127 (+3505.08%)
DnsmorphDomain name permutation engine written in Go
Stars: ✭ 148 (+150.85%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (+144.07%)
GitmailsAn information gathering tool to collect git commit emails in version control host services
Stars: ✭ 142 (+140.68%)
RelayerSMB Relay Attack Script
Stars: ✭ 136 (+130.51%)
Sec ToolsDocker images for infosec tools
Stars: ✭ 135 (+128.81%)
TrigmapA wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (+123.73%)
JwtxploiterA tool to test security of json web token
Stars: ✭ 130 (+120.34%)
PakuriPenetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (+111.86%)
Struts2 check一个用于识别目标网站是否采用Struts2框架开发的工具demo
Stars: ✭ 124 (+110.17%)
Msploitego Pentesting suite for Maltego based on data in a Metasploit database
Stars: ✭ 124 (+110.17%)
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+2811.86%)
RatelRAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (+105.08%)
SipptsSet of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (+96.61%)
EspkeyWiegand data logger, replay device and micro door-controller
Stars: ✭ 114 (+93.22%)
Mitm Scripts🔄 A collection of mitmproxy inline scripts
Stars: ✭ 109 (+84.75%)
CatnipCat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Stars: ✭ 108 (+83.05%)
Punk.pyunix SSH post-exploitation 1337 tool
Stars: ✭ 107 (+81.36%)
Dnsubdnsub一款好用的子域名扫描工具
Stars: ✭ 106 (+79.66%)
VailynA phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (+74.58%)
ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (+2200%)
Win PortfwdPowershell script to setup windows port forwarding using native netsh client
Stars: ✭ 95 (+61.02%)
ErodirA fast web directory/file enumeration tool written in Rust
Stars: ✭ 94 (+59.32%)
Foolavcfoolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
Stars: ✭ 93 (+57.63%)
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+2108.47%)
EggshelliOS/macOS/Linux Remote Administration Tool
Stars: ✭ 1,286 (+2079.66%)
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (+50.85%)
In Spectre MeltdownThis tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Stars: ✭ 86 (+45.76%)
One Lin3rGives you one-liners that aids in penetration testing operations, privilege escalation and more
Stars: ✭ 1,259 (+2033.9%)
VenomVenom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (+1981.36%)
Ldap searchPython3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (+32.2%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+1893.22%)
XshockXSHOCK Shellshock Exploit
Stars: ✭ 65 (+10.17%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+1825.42%)
FuxiPenetration Testing Platform
Stars: ✭ 1,103 (+1769.49%)