Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+263.96%)
CloudbunnyCloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Stars: ✭ 273 (-74.25%)
GowaptGo Web Application Penetration Test
Stars: ✭ 300 (-71.7%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-70.75%)
PhishapiComprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Stars: ✭ 272 (-74.34%)
Iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
Stars: ✭ 326 (-69.25%)
JsshellAn interactive multi-user web JS shell
Stars: ✭ 330 (-68.87%)
TlsfuzzerSSL and TLS protocol test suite and fuzzer
Stars: ✭ 335 (-68.4%)
BillcipherInformation Gathering tool for a Website or IP address
Stars: ✭ 332 (-68.68%)
Vaultswiss army knife for hackers
Stars: ✭ 346 (-67.36%)
KatanaA Python Tool For google Hacking
Stars: ✭ 355 (-66.51%)
Badkarmanetwork reconnaissance toolkit
Stars: ✭ 353 (-66.7%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (-66.13%)
WssatWEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (-66.04%)
Proxy ListGet PROXY List that gets updated everyday
Stars: ✭ 347 (-67.26%)
SecuritymanageframworkSecurity Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (-64.34%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-63.96%)
W5Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (-65.38%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-63.3%)
ArchstrikeAn Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Stars: ✭ 401 (-62.17%)
Hackinghacker, ready for more of our story ! 🚀
Stars: ✭ 413 (-61.04%)
PwndocPentest Report Generator
Stars: ✭ 417 (-60.66%)
IoxTool for port forwarding & intranet proxy
Stars: ✭ 411 (-61.23%)
Rats SearchBitTorrent P2P multi-platform search engine for Desktop and Web servers with integrated torrent client.
Stars: ✭ 1,037 (-2.17%)
Appinfoscanner一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Stars: ✭ 424 (-60%)
Wahh extrasThe Web Application Hacker's Handbook - Extra Content
Stars: ✭ 428 (-59.62%)
GoohakAutomatically Launch Google Hacking Queries Against A Target Domain
Stars: ✭ 432 (-59.25%)
Enum4linux NgA next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Stars: ✭ 349 (-67.08%)
ReverseapkQuickly analyze and reverse engineer Android packages
Stars: ✭ 419 (-60.47%)
PentestkitUseful tools and scripts during Penetration Testing engagements
Stars: ✭ 463 (-56.32%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-51.98%)
A2svAuto Scanning to SSL Vulnerability
Stars: ✭ 524 (-50.57%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+3004.62%)
0d1nTool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Stars: ✭ 506 (-52.26%)
MitmproxyAn interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Stars: ✭ 25,495 (+2305.19%)
Invoke SocksproxySocks proxy, and reverse socks server using powershell.
Stars: ✭ 540 (-49.06%)
Awesome Network StuffResources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.
Stars: ✭ 578 (-45.47%)
BrutexAutomatically brute force all services running on a target.
Stars: ✭ 974 (-8.11%)
Pentest Tools FrameworkPentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
Stars: ✭ 48 (-95.47%)
RedcloudAutomated Red Team Infrastructure deployement using Docker
Stars: ✭ 551 (-48.02%)
OpendoorOWASP WEB Directory Scanner
Stars: ✭ 586 (-44.72%)
Vulnxvulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (-4.81%)
Penetration Testing ToolsA collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Stars: ✭ 614 (-42.08%)
JoomscanOWASP Joomla Vulnerability Scanner Project
Stars: ✭ 640 (-39.62%)
BlazyBlazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Stars: ✭ 637 (-39.91%)
EvilurlGenerate unicode evil domains for IDN Homograph Attack and detect them.
Stars: ✭ 654 (-38.3%)
SilverMass scan IPs for vulnerable services
Stars: ✭ 588 (-44.53%)
SniffglueSecure multithreaded packet sniffer
Stars: ✭ 651 (-38.58%)