EvilgradeEvilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Stars: ✭ 1,086 (+768.8%)
SmershSmersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
Stars: ✭ 43 (-65.6%)
Cve 2019 0604cve-2019-0604 SharePoint RCE exploit
Stars: ✭ 91 (-27.2%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+808.8%)
FilterbypassBrowser's XSS Filter Bypass Cheat Sheet
Stars: ✭ 884 (+607.2%)
Pythempentest framework
Stars: ✭ 1,060 (+748%)
Social AnalyzerAPI, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+6659.2%)
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (+895.2%)
GirshAutomatically spawn a reverse shell fully interactive for Linux or Windows victim
Stars: ✭ 66 (-47.2%)
Pwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (+623.2%)
SsrfmapAutomatic SSRF fuzzer and exploitation tool
Stars: ✭ 1,344 (+975.2%)
Pathwar☠️ The Pathwar Project ☠️
Stars: ✭ 58 (-53.6%)
OwtfOffensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Stars: ✭ 1,516 (+1112.8%)
Sudo killerA tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+758.4%)
RobustpentestmacroThis is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.
Stars: ✭ 95 (-24%)
Pcwt Stars: ✭ 46 (-63.2%)
Shodan DorksDorks for shodan.io. Some basic shodan dorks collected from publicly available data.
Stars: ✭ 118 (-5.6%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+679.2%)
Trackray溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
Stars: ✭ 1,295 (+936%)
OdatODAT: Oracle Database Attacking Tool
Stars: ✭ 906 (+624.8%)
Collection DocumentCollection of quality safety articles. Awesome articles.
Stars: ✭ 1,387 (+1009.6%)
Pwn jenkinsNotes about attacking Jenkins servers
Stars: ✭ 841 (+572.8%)
Nac bypassScript collection to bypass Network Access Control (NAC, 802.1x)
Stars: ✭ 79 (-36.8%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+840.8%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+617.6%)
KratosknifeKratosKnife is a Advanced BOTNET Written in python 3 for Windows OS. Comes With Lot of Advanced Features such as Persistence & VM Detection Methods, Built-in Binder, etc
Stars: ✭ 97 (-22.4%)
FindsploitFind exploits in local and online databases instantly
Stars: ✭ 1,160 (+828%)
CatnipCat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Stars: ✭ 108 (-13.6%)
Dr0p1t FrameworkA framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
Stars: ✭ 1,132 (+805.6%)
Web BrutatorFast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-22.4%)
Rfd CheckerRFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-55.2%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+1459.2%)
SkaSimple Karma Attack
Stars: ✭ 55 (-56%)
FeroxbusterA fast, simple, recursive content discovery tool written in Rust.
Stars: ✭ 1,314 (+951.2%)
Macro packmacro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Stars: ✭ 1,072 (+757.6%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+952.8%)
PurplecloudAn Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
Stars: ✭ 122 (-2.4%)
Vulnxvulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+707.2%)
PowerladonLadon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Stars: ✭ 39 (-68.8%)
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-16%)
ShellpopPop shells like a master.
Stars: ✭ 1,279 (+923.2%)
SnoopSnoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (+608.8%)
SipptsSet of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-7.2%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+891.2%)
KeyeKeye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Stars: ✭ 101 (-19.2%)
C2hackC2Hack, sharing tips and tricks for pentesters
Stars: ✭ 124 (-0.8%)
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+1274.4%)
VulrecVulnerability Recurrence:漏洞复现记录
Stars: ✭ 109 (-12.8%)
WsmanagerWebshell Manager
Stars: ✭ 99 (-20.8%)
SpartySparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
Stars: ✭ 75 (-40%)