PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+52979.03%)
O365sprayUsername enumeration and password spraying tool aimed at Microsoft O365.
Stars: ✭ 133 (+114.52%)
DirstalkModern alternative to dirbuster/dirb
Stars: ✭ 210 (+238.71%)
Enum4linux NgA next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Stars: ✭ 349 (+462.9%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (+132.26%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (+185.48%)
AzureAD Autologon BruteBrute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (+45.16%)
FeroxbusterA fast, simple, recursive content discovery tool written in Rust.
Stars: ✭ 1,314 (+2019.35%)
WriteupsThis repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-1.61%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+516.13%)
PywerviewA (partial) Python rewriting of PowerSploit's PowerView
Stars: ✭ 292 (+370.97%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (+162.9%)
Spray365Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
Stars: ✭ 233 (+275.81%)
Enum.pyA tool to enumerate network services
Stars: ✭ 23 (-62.9%)
winallenumThis powershell script has got to run in remote hacked windows host, even for pivoting
Stars: ✭ 13 (-79.03%)
PhirauteeA proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.
Stars: ✭ 96 (+54.84%)
brutasWordlists and passwords handcrafted with ♥
Stars: ✭ 32 (-48.39%)
fransReconScript will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.
Stars: ✭ 31 (-50%)
ldapconsoleThe ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Stars: ✭ 25 (-59.68%)
MailRipV3SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Stars: ✭ 28 (-54.84%)
oscpMy notebook for OSCP Lab
Stars: ✭ 22 (-64.52%)
ClippyTerribad PrivEsc enumeration script for Windows systems
Stars: ✭ 15 (-75.81%)
Cracker-ToolAll in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭
Stars: ✭ 181 (+191.94%)
httpx authAuthentication classes to be used with httpx
Stars: ✭ 59 (-4.84%)
onedrive user enumonedrive user enumeration - pentest tool to enumerate valid onedrive users
Stars: ✭ 223 (+259.68%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+1851.61%)
awesome-pentest-toolsList of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Stars: ✭ 34 (-45.16%)
WinEnumScript for Local Windows Enumeration
Stars: ✭ 30 (-51.61%)
gonumAn enum generator for Go
Stars: ✭ 26 (-58.06%)
k8s-idm-labKubernetes Identity Management Lab
Stars: ✭ 20 (-67.74%)
adsysActive Directory bridging tool suite
Stars: ✭ 80 (+29.03%)
MS17010EXPLadon Moudle MS17010 Exploit for PowerShell
Stars: ✭ 40 (-35.48%)
uberscanSecurity program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-50%)
ucsunivention⚫ Curso GRÁTIS SAMBA-4 UCS Univention Core Free 5.x Domain Controller Active Directory Open Source
Stars: ✭ 29 (-53.23%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (+169.35%)
PowerShellGUIPowerShell scripts that generate Graphical User Interface (GUI)
Stars: ✭ 17 (-72.58%)
WatchADAD Security Intrusion Detection System
Stars: ✭ 967 (+1459.68%)
doubletapA very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...
Stars: ✭ 23 (-62.9%)
organonThis program focuses on automating the download, installation and compilation of pentest tools from source
Stars: ✭ 36 (-41.94%)
Linux-Active-Directory-join-scriptActive directory Join script for Ubuntu, Debian, CentOS, Linux Mint, Fedora, Kali, Elementary OS and Raspbian with built in failchcheck and debugmode for Ubuntu. "The most advanced and updated AD join script on GITHUB for Linux"
Stars: ✭ 97 (+56.45%)
New-AdPasswordReminderPowerShell script to email users that their password is soon expiring, along with info on how to change it. Designed to run as a scheduled task on a machine with the Active Directory PowerShell module installed.
Stars: ✭ 20 (-67.74%)
dwnd(ockerp)wn - a docker pwn tool manager
Stars: ✭ 154 (+148.39%)
log4j-detectorLog4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Stars: ✭ 622 (+903.23%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+717.74%)
PSGPPreferencesA way to manage Group Policy Preferences through PowerShell
Stars: ✭ 15 (-75.81%)
ldap2jsonThe ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Stars: ✭ 56 (-9.68%)
spellbookFramework for rapid development and reusable of security tools
Stars: ✭ 67 (+8.06%)
ConstoleScan for and exploit Consul agents
Stars: ✭ 37 (-40.32%)
MsfManiaPython AV Evasion Tools
Stars: ✭ 388 (+525.81%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-61.29%)