SsrfmapAutomatic SSRF fuzzer and exploitation tool
Stars: ✭ 1,344 (+3.78%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-97.61%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+1.62%)
Vulnxvulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (-22.08%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (-81.39%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+2441.24%)
NIST-to-TechAn open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-95.29%)
VulrecVulnerability Recurrence:漏洞复现记录
Stars: ✭ 109 (-91.58%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-98.15%)
VuldashVulnerability Dashboard
Stars: ✭ 16 (-98.76%)
Rfd CheckerRFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-95.68%)
UnjailmeA sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)
Stars: ✭ 73 (-94.36%)
SkaSimple Karma Attack
Stars: ✭ 55 (-95.75%)
Macro packmacro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Stars: ✭ 1,072 (-17.22%)
Hacker ezinesA collection of electronic hacker magazines carefully curated over the years from multiple sources
Stars: ✭ 72 (-94.44%)
SlowlorisAsynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (-96.06%)
Openvas ScannerOpen Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (-18.46%)
GirshAutomatically spawn a reverse shell fully interactive for Linux or Windows victim
Stars: ✭ 66 (-94.9%)
Pcwt Stars: ✭ 46 (-96.45%)
NugetdefenseAn MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.
Stars: ✭ 44 (-96.6%)
ShellpopPop shells like a master.
Stars: ✭ 1,279 (-1.24%)
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (-3.94%)
FindsploitFind exploits in local and online databases instantly
Stars: ✭ 1,160 (-10.42%)
SmershSmersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
Stars: ✭ 43 (-96.68%)
Pathwar☠️ The Pathwar Project ☠️
Stars: ✭ 58 (-95.52%)
SpartySparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
Stars: ✭ 75 (-94.21%)
EvilgradeEvilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Stars: ✭ 1,086 (-16.14%)
MrspickyMrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.
Stars: ✭ 86 (-93.36%)
Sudo killerA tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (-17.14%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (-9.19%)
ShellshockhunterIt's a simple tool for test vulnerability shellshock
Stars: ✭ 52 (-95.98%)
Pythempentest framework
Stars: ✭ 1,060 (-18.15%)
Ossf Cve BenchmarkThe OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
Stars: ✭ 71 (-94.52%)
Vulstudy使用docker快速搭建各大漏洞靶场,目前可以一键搭建17个靶场。
Stars: ✭ 1,245 (-3.86%)
RvdRobot Vulnerability Database. An archive of robot vulnerabilities and bugs.
Stars: ✭ 87 (-93.28%)
LabsVulnerability Labs for security analysis
Stars: ✭ 1,002 (-22.63%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-12.28%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-24.79%)
PowerladonLadon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Stars: ✭ 39 (-96.99%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (-4.32%)
Dr0p1t FrameworkA framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
Stars: ✭ 1,132 (-12.59%)
Social AnalyzerAPI, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+552.43%)
Vulnerability Data ArchiveWith the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools
Stars: ✭ 63 (-95.14%)
OdatODAT: Oracle Database Attacking Tool
Stars: ✭ 906 (-30.04%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (-31.51%)
ThoronThoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (-93.28%)
Nac bypassScript collection to bypass Network Access Control (NAC, 802.1x)
Stars: ✭ 79 (-93.9%)
Attack Surface Detector BurpThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 63 (-95.14%)
SnoopSnoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (-31.58%)
FilterbypassBrowser's XSS Filter Bypass Cheat Sheet
Stars: ✭ 884 (-31.74%)
Sap exploitHere you can get full exploit for SAP NetWeaver AS JAVA
Stars: ✭ 60 (-95.37%)