QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-19.54%)
Dns DiscoveryDNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-34.48%)
Jira ScanCVE-2017-9506 - SSRF
Stars: ✭ 159 (-8.62%)
Sec ToolsDocker images for infosec tools
Stars: ✭ 135 (-22.41%)
DekstereconWeb Application recon automation
Stars: ✭ 109 (-37.36%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-2.87%)
OwtfOffensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Stars: ✭ 1,516 (+771.26%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1008.05%)
Di.we.hRepositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (-10.34%)
UddupUrls de-duplication tool for better recon.
Stars: ✭ 103 (-40.8%)
Awesome VulnerableA curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (-23.56%)
Nuclei TemplatesCommunity curated list of templates for the nuclei engine to find security vulnerabilities.
Stars: ✭ 1,354 (+678.16%)
Tools TbhmTools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (-1.72%)
ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (+679.89%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-24.71%)
KratosknifeKratosKnife is a Advanced BOTNET Written in python 3 for Windows OS. Comes With Lot of Advanced Features such as Persistence & VM Detection Methods, Built-in Binder, etc
Stars: ✭ 97 (-44.25%)
PortiaPortia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
Stars: ✭ 154 (-11.49%)
Web BrutatorFast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-44.25%)
OscprepoA list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
Stars: ✭ 1,916 (+1001.15%)
AboutsecurityA list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-4.6%)
FeroxbusterA fast, simple, recursive content discovery tool written in Rust.
Stars: ✭ 1,314 (+655.17%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-13.79%)
HookishHooks in to interesting functions and helps reverse the web app faster.
Stars: ✭ 129 (-25.86%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+955.75%)
Trackray溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
Stars: ✭ 1,295 (+644.25%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-48.85%)
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-27.59%)
CspGiven a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Stars: ✭ 89 (-48.85%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-28.16%)
ShellpopPop shells like a master.
Stars: ✭ 1,279 (+635.06%)
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (+614.94%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-14.94%)
Nraynray distributed port scanner
Stars: ✭ 125 (-28.16%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+612.07%)
Nac bypassScript collection to bypass Network Access Control (NAC, 802.1x)
Stars: ✭ 79 (-54.6%)
SwiftnessA note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-28.74%)
Webhackersweapons⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 1,205 (+592.53%)
Burp Bounty ProfilesBurp Bounty profiles compilation, feel free to contribute!
Stars: ✭ 76 (-56.32%)
C2hackC2Hack, sharing tips and tricks for pentesters
Stars: ✭ 124 (-28.74%)
SpartySparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
Stars: ✭ 75 (-56.9%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+586.21%)
PurplecloudAn Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
Stars: ✭ 122 (-29.89%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+575.86%)
GirshAutomatically spawn a reverse shell fully interactive for Linux or Windows victim
Stars: ✭ 66 (-62.07%)
MobilehackersweaponsMobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (-2.3%)
StuffUnsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest
Stars: ✭ 146 (-16.09%)
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+887.36%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+568.97%)