Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-95.48%)
RlpRecursive Length Prefix Encoding in JavaScript
Stars: ✭ 93 (-95.28%)
EntropyEntropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.
Stars: ✭ 126 (-93.6%)
DeautherdroidAdditional android app for SpaceHunn's ESP8266 DeAuther.
Stars: ✭ 93 (-95.28%)
Ntlmscanscan for NTLM directories
Stars: ✭ 141 (-92.84%)
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (-33.82%)
CodabilityUseful helpers for working with Codable types in Swift
Stars: ✭ 125 (-93.65%)
XsstrikeMost advanced XSS scanner.
Stars: ✭ 9,822 (+398.83%)
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (-92.38%)
CstcCSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (-95.38%)
PakuriPenetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (-93.65%)
Encoding WrapperCollection of Go wrappers for Video encoding cloud providers (moved to @video-dev)
Stars: ✭ 90 (-95.43%)
Node Console ProbeInspect JavaScript object methods and properties in the console.
Stars: ✭ 139 (-92.94%)
Msploitego Pentesting suite for Maltego based on data in a Metasploit database
Stars: ✭ 124 (-93.7%)
EggshelliOS/macOS/Linux Remote Administration Tool
Stars: ✭ 1,286 (-34.69%)
C2hackC2Hack, sharing tips and tricks for pentesters
Stars: ✭ 124 (-93.7%)
SourcecodesnifferThe Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87 (-95.58%)
ShellpopPop shells like a master.
Stars: ✭ 1,279 (-35.04%)
CloudproberAn active monitoring software to detect failures before your customers do.
Stars: ✭ 1,269 (-35.55%)
PurplecloudAn Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
Stars: ✭ 122 (-93.8%)
BinaryGeneric and fast binary serializer for Go
Stars: ✭ 86 (-95.63%)
In Spectre MeltdownThis tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Stars: ✭ 86 (-95.63%)
OmeglemiddlemanLets you connect strangers to each other, and intercept messages AKA Man in the Middle Attack
Stars: ✭ 85 (-95.68%)
DirmapAn advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
Stars: ✭ 2,127 (+8.02%)
WpreconWPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
Stars: ✭ 135 (-93.14%)
Codetectivea tool to determine the crypto/encoding algorithm used according to traces from its representation
Stars: ✭ 121 (-93.85%)
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (-36.82%)
RatelRAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-93.85%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (-37.07%)
IrextUniversal IR Remote Control Solution
Stars: ✭ 1,240 (-37.02%)
Phpasn1A PHP library to encode and decode arbitrary ASN.1 structures using ITU-T X.690 encoding rules.
Stars: ✭ 136 (-93.09%)
0l4bsCross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-93.96%)
Beef Over WanBrowser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
Stars: ✭ 82 (-95.84%)
BitmatchA Rust crate that allows you to match, bind, and pack the individual bits of integers.
Stars: ✭ 82 (-95.84%)
GofingerprintGoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Stars: ✭ 120 (-93.91%)
VenomVenom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (-37.63%)
Zeebsploitweb scanner - exploitation - information gathering
Stars: ✭ 159 (-91.92%)
CyberchefThe Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Stars: ✭ 13,674 (+594.46%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+32.91%)
Pentestsome pentest scripts & tools by [email protected]
Stars: ✭ 136 (-93.09%)
Security CsrfThe Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.
Stars: ✭ 1,220 (-38.04%)
Nac bypassScript collection to bypass Network Access Control (NAC, 802.1x)
Stars: ✭ 79 (-95.99%)
Vxg.media.sdk.androidMarket leading Android SDK with encoding, streaming & playback functionality
Stars: ✭ 119 (-93.96%)
Ldap searchPython3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-96.04%)
EdnGo implementation of EDN (Extensible Data Notation)
Stars: ✭ 76 (-96.14%)
RelayerSMB Relay Attack Script
Stars: ✭ 136 (-93.09%)
AndroidAndroid app for collecting OpenStreetCam imagery
Stars: ✭ 119 (-93.96%)
LdpcC and MATLAB implementation for LDPC encoding and decoding
Stars: ✭ 76 (-96.14%)
Burp Bounty ProfilesBurp Bounty profiles compilation, feel free to contribute!
Stars: ✭ 76 (-96.14%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (-1.02%)
SpartySparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
Stars: ✭ 75 (-96.19%)
Bluemondaybluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+8.43%)
MlboxMLBox is a powerful Automated Machine Learning python library.
Stars: ✭ 1,199 (-39.11%)
Shodan DorksDorks for shodan.io. Some basic shodan dorks collected from publicly available data.
Stars: ✭ 118 (-94.01%)
JrdsAnother monitoring application, intentend to be simple to use and extensible.
Stars: ✭ 72 (-96.34%)