NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+15138.46%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+994.87%)
auth analyzerBurp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (+97.44%)
Enum4linux NgA next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Stars: ✭ 349 (+794.87%)
PXXTFFramework For Exploring kernel vulnerabilities, network vulnerabilities ✨
Stars: ✭ 23 (-41.03%)
PompemFind exploit tool
Stars: ✭ 786 (+1915.38%)
DoubleStarA personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques
Stars: ✭ 140 (+258.97%)
vnf-asteriskDocumentation, configuration, reference material and other information around an Asterisk-based VNF
Stars: ✭ 38 (-2.56%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-20.51%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+784.62%)
NSE-scriptsNSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (+169.23%)
Android-Task-InjectionTask Hijacking in Android (somebody call it also StrandHogg vulnerability)
Stars: ✭ 52 (+33.33%)
Suid3numA standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
Stars: ✭ 342 (+776.92%)
EOS-Proxy-TokenProxy token to allow mitigating EOSIO Ram exploit
Stars: ✭ 22 (-43.59%)
DawsAdvanced Web Shell
Stars: ✭ 551 (+1312.82%)
ftpknocker🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers
Stars: ✭ 38 (-2.56%)
Awesome Cyber SecurityA collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
Stars: ✭ 333 (+753.85%)
EsdEnumeration sub domains(枚举子域名)
Stars: ✭ 785 (+1912.82%)
AtlasQuick SQLMap Tamper Suggester
Stars: ✭ 679 (+1641.03%)
PowerhubA post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Stars: ✭ 431 (+1005.13%)
xsymlinkXbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.
Stars: ✭ 18 (-53.85%)
skweezFast website scraper and wordlist generator
Stars: ✭ 49 (+25.64%)
CtfCTF (Capture The Flag) writeups, code snippets, notes, scripts
Stars: ✭ 336 (+761.54%)
kernelpwnkernel-pwn and writeup collection
Stars: ✭ 348 (+792.31%)
PyckA collection of useful Python hacking scripts for beginners
Stars: ✭ 334 (+756.41%)
Appinfoscanner一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Stars: ✭ 424 (+987.18%)
moonwalkCover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
Stars: ✭ 544 (+1294.87%)
GtfoSearch gtfobins and lolbas files from your terminal
Stars: ✭ 336 (+761.54%)
Impulse💣 Impulse Denial-of-service ToolKit
Stars: ✭ 538 (+1279.49%)
ExploitsReal world and CTFs exploiting web/binary POCs.
Stars: ✭ 69 (+76.92%)
LightCosmosRatA remote administration tool for Windows, written in C#
Stars: ✭ 31 (-20.51%)
Ctf Writeups PublicWriteups for infosec Capture the Flag events by team Galaxians
Stars: ✭ 331 (+748.72%)
AzureAD Autologon BruteBrute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (+130.77%)
Androidsdk🐳 Full-fledged Android SDK Docker Image
Stars: ✭ 776 (+1889.74%)
Awesome InfosecA curated list of awesome infosec courses and training resources.
Stars: ✭ 3,779 (+9589.74%)
Name That Hash🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥
Stars: ✭ 540 (+1284.62%)
BrutexAutomatically brute force all services running on a target.
Stars: ✭ 974 (+2397.44%)
Badusb botnet👥😈 Infect a pc with badusb and establish a connection through telegram.
Stars: ✭ 32 (-17.95%)
HouseA runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Stars: ✭ 910 (+2233.33%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+2246.15%)
BrutalPayload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
Stars: ✭ 678 (+1638.46%)
HulkHULK DoS tool ported to Go with some additional features.
Stars: ✭ 427 (+994.87%)
external-protocol-floodingScheme flooding vulnerability: how it works and why it is a threat to anonymous browsing
Stars: ✭ 603 (+1446.15%)
JsshellAn interactive multi-user web JS shell
Stars: ✭ 330 (+746.15%)
xss-http-injectorXSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Stars: ✭ 22 (-43.59%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-15.38%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+14297.44%)
Chimay-Red-tinyThis is a minified exploit for mikrotik routers. It does not require any aditional modules to run.
Stars: ✭ 25 (-35.9%)
ServerscanServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
Stars: ✭ 674 (+1628.21%)
avainA Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (+43.59%)
All-Discord-ExploitsThis is a list of Discord console scripts, bugs and exploits.
Stars: ✭ 34 (-12.82%)
BrutesploitBruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p
Stars: ✭ 424 (+987.18%)
DeepfakeHTTPDeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.
Stars: ✭ 373 (+856.41%)