MonkeyInfection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+7975.36%)
Damn Vulnerable Graphql ApplicationDamn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Stars: ✭ 567 (+721.74%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+8513.04%)
FuxiPenetration Testing Platform
Stars: ✭ 1,103 (+1498.55%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+47594.2%)
Pwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (+1210.14%)
BlackmambaC2/post-exploitation framework
Stars: ✭ 544 (+688.41%)
AwsbucketdumpSecurity Tool to Look For Interesting Files in S3 Buckets
Stars: ✭ 1,021 (+1379.71%)
WhonowA "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Stars: ✭ 533 (+672.46%)
ScriptsScripts I use during pentest engagements.
Stars: ✭ 834 (+1108.7%)
Linkedin2usernameOSINT Tool: Generate username lists for companies on LinkedIn
Stars: ✭ 504 (+630.43%)
Hacker Roadmap📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+11134.78%)
Commando VmComplete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
[email protected] Stars: ✭ 5,030 (+7189.86%)
PsattackA portable console aimed at making pentesting with PowerShell a little easier.
Stars: ✭ 1,021 (+1379.71%)
HackerproAll in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
Stars: ✭ 474 (+586.96%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+463.77%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+10401.45%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+453.62%)
LyricpassPassword wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.
Stars: ✭ 58 (-15.94%)
NetcatNetCat for Windows
Stars: ✭ 463 (+571.01%)
Eyes👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-44.93%)
Vulnhub Ctf WriteupsThis cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.
Stars: ✭ 368 (+433.33%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+518.84%)
PwndocPentest Report Generator
Stars: ✭ 417 (+504.35%)
HtshellsSelf contained htaccess shells and attacks
Stars: ✭ 708 (+926.09%)
Oscp PwkThis is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.
Stars: ✭ 406 (+488.41%)
PasshuntPasshunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Stars: ✭ 961 (+1292.75%)
ArchstrikeAn Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Stars: ✭ 401 (+481.16%)
Lockdoor Framework🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+881.16%)
GhostwriterThe SpecterOps project management and reporting engine
Stars: ✭ 394 (+471.01%)
Pathwar☠️ The Pathwar Project ☠️
Stars: ✭ 58 (-15.94%)
NmapIdiomatic nmap library for go developers
Stars: ✭ 391 (+466.67%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+882.61%)
BusterAn advanced tool for email reconnaissance
Stars: ✭ 387 (+460.87%)
BroxyAn HTTP/HTTPS intercept proxy written in Go.
Stars: ✭ 912 (+1221.74%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+5931.88%)
Thc Ipv6IPv6 attack toolkit
Stars: ✭ 673 (+875.36%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-10.14%)
Vulnerable AdCreate a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Stars: ✭ 360 (+421.74%)
SkaSimple Karma Attack
Stars: ✭ 55 (-20.29%)
Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (+1215.94%)
SwiftnessxA cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (+875.36%)
SitadelWeb Application Security Scanner
Stars: ✭ 360 (+421.74%)
Hunter(l)user hunter using WinAPI calls only
Stars: ✭ 359 (+420.29%)
Babysploit👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Stars: ✭ 883 (+1179.71%)
Powershell RatPython based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (+821.74%)
Vaultswiss army knife for hackers
Stars: ✭ 346 (+401.45%)
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (+379.71%)
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+817.39%)
Awesome InfosecA curated list of awesome infosec courses and training resources.
Stars: ✭ 3,779 (+5376.81%)
Pentest⛔️ offsec batteries included
Stars: ✭ 1,063 (+1440.58%)