ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-35.42%)
Pentest⛔️ offsec batteries included
Stars: ✭ 1,063 (+1007.29%)
DeathstarUses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Stars: ✭ 1,221 (+1171.88%)
ReconcatA small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Stars: ✭ 66 (-31.25%)
KeyloggerA simple keylogger for Windows, Linux and Mac
Stars: ✭ 1,007 (+948.96%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+1190.63%)
DeltaPROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK
Stars: ✭ 55 (-42.71%)
Watf BankWaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS
Stars: ✭ 87 (-9.37%)
MilkyA .NET Standard library for pentesting web apps against credential stuffing attacks.
Stars: ✭ 49 (-48.96%)
RsfThe Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.
Stars: ✭ 76 (-20.83%)
Red Team Curation ListA list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-29.17%)
Social AnalyzerAPI, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+8701.04%)
Zynix Fusionzynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.
Stars: ✭ 84 (-12.5%)
Attack Surface Detector BurpThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 63 (-34.37%)
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-7.29%)
VulmapVulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+1023.96%)
PrismaticaResponsive Command and Control System
Stars: ✭ 81 (-15.62%)
Nmap Nse InfoBrowse and search through nmap's NSE scripts.
Stars: ✭ 54 (-43.75%)
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+1257.29%)
Pentesting BibleLearn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+9255.21%)
Ldap searchPython3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-18.75%)
SleightEmpire HTTP(S) C2 redirector setup script
Stars: ✭ 44 (-54.17%)
ThoronThoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (-9.37%)
Eyes👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-60.42%)
Mongoaudit🔥 A powerful MongoDB auditing and pentesting tool 🔥
Stars: ✭ 1,174 (+1122.92%)
PentestingazureappsScript samples from the book Pentesting Azure Applications (2018, No Starch Press)
Stars: ✭ 69 (-28.12%)
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (-11.46%)
GtfonowAutomatic privilege escalation for misconfigured capabilities, sudo and suid binaries
Stars: ✭ 68 (-29.17%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-7.29%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+1083.33%)
Gitjacker🔪 Leak git repositories from misconfigured websites
Stars: ✭ 1,249 (+1201.04%)
NeedleThe iOS Security Testing Framework
Stars: ✭ 1,122 (+1068.75%)
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-6.25%)
RedsnarfRedSnarf is a pen-testing / red-teaming tool for Windows environments
Stars: ✭ 1,109 (+1055.21%)
Pentesting CookbookA set of recipes useful in pentesting and red teaming scenarios
Stars: ✭ 82 (-14.58%)
Kill RouterFerramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.
Stars: ✭ 57 (-40.62%)
Reverse ShellReverse Shell as a Service
Stars: ✭ 1,281 (+1234.38%)
Burpsuite CollectionsBurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+1026.04%)
VenomVenom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (+1179.17%)
SpellbookMicro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-44.79%)
Resource filesmosquito - Automating reconnaissance and brute force attacks
Stars: ✭ 95 (-1.04%)
OscpMy OSCP journey
Stars: ✭ 50 (-47.92%)
Decoder Plus PlusAn extensible application for penetration testers and software developers to decode/encode data into various formats.
Stars: ✭ 79 (-17.71%)
SsrfmapSimple Server Side Request Forgery services enumeration tool.
Stars: ✭ 50 (-47.92%)
BlackratBlackRAT - Java Based Remote Administrator Tool
Stars: ✭ 87 (-9.37%)
PrivesccheckPrivilege Escalation Enumeration Script for Windows
Stars: ✭ 1,032 (+975%)
GithacktoolsThe best Hacking and PenTesting tools installer on the world
Stars: ✭ 78 (-18.75%)
Log Requests To SqliteBURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
Stars: ✭ 44 (-54.17%)
KatzkatzPython3 script to parse txt files containing Mimikatz output
Stars: ✭ 91 (-5.21%)
DnsbruteDNS Sub-domain brute forcer, in Python + gevent
Stars: ✭ 40 (-58.33%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+1143.75%)
DirhuntFind web directories without bruteforce
Stars: ✭ 983 (+923.96%)
OscpOur OSCP repo: from popping shells to mental health.
Stars: ✭ 71 (-26.04%)
DeepseaDeepSea Phishing Gear
Stars: ✭ 96 (+0%)
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-2.08%)
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-7.29%)
Pentesting toolkit🏴☠️ Tools for pentesting, CTFs & wargames. 🏴☠️
Stars: ✭ 1,268 (+1220.83%)
Netmap.jsFast browser-based network discovery module
Stars: ✭ 70 (-27.08%)