RedTeam toolkitRed Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
Stars: ✭ 301 (+2910%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+13060%)
VailynA phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (+930%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+3790%)
JustEvadeBroJustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
Stars: ✭ 63 (+530%)
HacktheworldAn Python Script For Generating Payloads that Bypasses All Antivirus so far .
Stars: ✭ 527 (+5170%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+7650%)
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+6230%)
Intrigue CoreDiscover Your Attack Surface!
Stars: ✭ 1,013 (+10030%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+22950%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+31880%)
VanquishVanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
Stars: ✭ 449 (+4390%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+2310%)
H4ckerThis repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+104410%)
SilentbridgeSilentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (+1260%)
Thc Ipv6IPv6 attack toolkit
Stars: ✭ 673 (+6630%)
Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+38480%)
NettackerAutomated Penetration Testing Framework
Stars: ✭ 982 (+9720%)
freebindIPv4 and IPv6 address rate limiting evasion tool
Stars: ✭ 88 (+780%)
Scanners BoxA powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑
Stars: ✭ 5,590 (+55800%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (+350%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+4640%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+328990%)
SublertSublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Stars: ✭ 699 (+6890%)
Hacker Roadmap📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+77420%)
Lockdoor Framework🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+6670%)
Zeus ScannerAdvanced reconnaissance utility
Stars: ✭ 706 (+6960%)
Awesome OscpA curated list of awesome OSCP resources
Stars: ✭ 804 (+7940%)
BashfuscatorA fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Stars: ✭ 690 (+6800%)
Pwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (+8940%)
OssaOpen-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (+7860%)
Clair ScannerDocker containers vulnerability scan
Stars: ✭ 679 (+6690%)
AgooA High Performance HTTP Server for Ruby
Stars: ✭ 679 (+6690%)
BrutalPayload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
Stars: ✭ 678 (+6680%)
WhourTool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Stars: ✭ 18 (+80%)
Dsinternals Directory Services Internals (DSInternals) PowerShell Module and Framework
Stars: ✭ 776 (+7660%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+6680%)
Vflow Enterprise Network Flow Collector (IPFIX, sFlow, Netflow) from Verizon Media
Stars: ✭ 776 (+7660%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+72360%)
SecretscannerFind secrets and passwords in container images and file systems
Stars: ✭ 895 (+8850%)
SwiftnessxA cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (+6630%)
NetaddrA network address manipulation library for Python
Stars: ✭ 648 (+6380%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+6350%)
PerunPerun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
Stars: ✭ 773 (+7630%)
JoomscanOWASP Joomla Vulnerability Scanner Project
Stars: ✭ 640 (+6300%)
TrivyScanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+96630%)
ChangemeA default credential scanner.
Stars: ✭ 928 (+9180%)
BrutusA Python-powered exploitation framework and botnet.
Stars: ✭ 17 (+70%)
EvillimiterTool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+7540%)
Powershell RatPython based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (+6260%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+7570%)
HabuHacking Toolkit
Stars: ✭ 635 (+6250%)
Digispark ScriptsUSB Rubber Ducky type scripts written for the DigiSpark.
Stars: ✭ 629 (+6190%)
SpookflareLoader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Stars: ✭ 836 (+8260%)
SshttpSSH/HTTP(S) multiplexer. Run a webserver and a sshd on the same port w/o changes.
Stars: ✭ 766 (+7560%)
Penetration Testing ToolsA collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Stars: ✭ 614 (+6040%)
DotdotpwnDotDotPwn - The Directory Traversal Fuzzer
Stars: ✭ 601 (+5910%)
InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+7500%)