OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
Support
Quality
Security
License
Reuse
hack tools
Support
Quality
Security
License
Reuse
Support
Quality
Security
License
Reuse
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
Support
Quality
Security
License
Reuse
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
Support
Quality
Security
License
Reuse
用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
Support
Quality
Security
License
Reuse
:cherry_blossom: Interactive shellcoding environment to easily craft shellcodes
Support
Quality
Security
License
Reuse
Payload launcher and serial number checker for Nintendo Switch
Support
Quality
Security
License
Reuse
Vulnerable server used for learning software exploitation
Support
Quality
Security
License
Reuse
Install And Use Kali Linux With Gui In Termux
Support
Quality
Security
License
Reuse
Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具,它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码,帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。
Support
Quality
Security
License
Reuse
a file-sharing tool that allows you to find the responsible person in case of a leakage
Support
Quality
Security
License
Reuse
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Support
Quality
Security
License
Reuse
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
Support
Quality
Security
License
Reuse
Diablo for the Nintendo Switch
Support
Quality
Security
License
Reuse
A collection of vulnerable ARM binaries for practicing exploit development
Support
Quality
Security
License
Reuse
A byte code analyzer for finding deserialization gadget chains in Java applications
Support
Quality
Security
License
Reuse
hactool is a tool to view information about, decrypt, and extract common file formats for the Nintendo Switch, especially Nintendo Content Archives.
Support
Quality
Security
License
Reuse
Generate Professional Phishing Emails Fast And Easy
Support
Quality
Security
License
Reuse
Writing custom backdoor payloads with C# - Defcon 27 Workshop
Support
Quality
Security
License
Reuse
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Support
Quality
Security
License
Reuse
automotive software(OSEK & AUTOSAR) and its tool-chain
Support
Quality
Security
License
Reuse
Linux Binary Exploitation
Support
Quality
Security
License
Reuse
The iPhone version of News/YC, a Hacker News reader and interactive iOS application.
Support
Quality
Security
License
Reuse
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Support
Quality
Security
License
Reuse
Image Payload Creating/Injecting tools
Support
Quality
Security
License
Reuse
Use a Fake image.jpg to exploit targets (hide known file extensions)
Support
Quality
Security
License
Reuse
Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)
Support
Quality
Security
License
Reuse
XssPy - Web Application XSS Scanner
Support
Quality
Security
License
Reuse
Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。
Support
Quality
Security
License
Reuse
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
Support
Quality
Security
License
Reuse
hacking-tool termux-tools termux noob-friendly instagram-bot bruteforce-password-cracker wordlist-technique
Support
Quality
Security
License
Reuse
:mag: A Complete Osint Tool
Support
Quality
Security
License
Reuse
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
Support
Quality
Security
License
Reuse
P
PS5-IPV6-Kernel-Exploitby Cryptogenic
JavaScript 
788 Version:Current
License: No License (No License)
License: No License (No License)An experimental webkit-based kernel exploit (Arb. R/W) for the PS5 on <= 4.51FW
Support
Quality
Security
License
Reuse
Redis(<=5.0.5) RCE
Support
Quality
Security
License
Reuse
CTF chall write-ups, files, scripts etc (trying to be more organised LOL)
Support
Quality
Security
License
Reuse
AndroRAT | Remote Administrator Tool for Android OS Hacking
Support
Quality
Security
License
Reuse
Grab target's webcam shots by link
Support
Quality
Security
License
Reuse
This script grab public report from hacker one and make some folders with poc videos
Support
Quality
Security
License
Reuse
A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
Support
Quality
Security
License
Reuse
Sandboxed Execution Environment
Support
Quality
Security
License
Reuse
HTTP Botnet
Support
Quality
Security
License
Reuse
Exploit the credentials present in files and memory
Support
Quality
Security
License
Reuse
For Linux binary Exploitation
Support
Quality
Security
License
Reuse
MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash
Support
Quality
Security
License
Reuse
Collection of Scripts for shodan searching stuff.
Support
Quality
Security
License
Reuse
The ARP Scanner
Support
Quality
Security
License
Reuse
W
WordlistPasswordGeneratorby OnlineHacKing
Python 749 Version:Current License: Permissive (BSD-3-Clause)
Python Wordlist Password Generator for Termux - Hack any fb, instagram, Wifi any Password list - Online Hacking
Support
Quality
Security
License
Reuse
A theme and boot splash manager for the Nintendo 3DS console
Support
Quality
Security
License
Reuse
o
osintuiby wssheldon
OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
Rust 867Updated: 2 y ago License: Permissive (MIT)
867Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
h
Support
Quality
Security
License
Reuse
C
CVE-2021-3156by blasty
C 864Updated: 2 y ago License: No License (No License)
864Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
x
xsshunter-expressby mandatoryprogrammer
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
JavaScript 860Updated: 2 y ago License: Permissive (MIT)
860Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
a
awvs14-scanby test502git
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
Python 859Updated: 2 y ago License: No License (No License)
859Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
v
vtestby opensec-cn
用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
Python 854Updated: 2 y ago License: Permissive (Apache-2.0)
854Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
s
shellenby merrychap
:cherry_blossom: Interactive shellcoding environment to easily craft shellcodes
Python 854Updated: 2 y ago License: Permissive (MIT)
854Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
R
Rekadoby MenosGrante
Payload launcher and serial number checker for Nintendo Switch
Kotlin 853Updated: 2 y ago License: Permissive (Apache-2.0)
853Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
v
vulnserverby stephenbradshaw
Vulnerable server used for learning software exploitation
C 851Updated: 2 y ago License: Permissive (BSD-3-Clause)
851Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
k
kalimuxby noob-hackers
Install And Use Kali Linux With Gui In Termux
Shell 849Updated: 2 y ago License: Permissive (MIT)
849Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
Cooolis-msby Rvn0xsy
Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具,它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码,帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。
C++ 847Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
847Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
w
wholeakedby utkusen
a file-sharing tool that allows you to find the responsible person in case of a leakage
Go 845Updated: 2 y ago License: Permissive (BSD-3-Clause)
845Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
S
SpookFlareby hlldz
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Python 844Updated: 4 y ago License: Permissive (Apache-2.0)
844Updated: 4 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
P
PocListby Yang0615777
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
Java 842Updated: 3 y ago License: No License (No License)
842Updated: 3 y ago License: No License (No License)Support
Quality
Security
License
Reuse
d
devilution-nxby lantus
Diablo for the Nintendo Switch
C++ 841Updated: 2 y ago License: Permissive (Unlicense)
841Updated: 2 y ago License: Permissive (Unlicense)Support
Quality
Security
License
Reuse
E
Exploit-Challengesby Billy-Ellis
A collection of vulnerable ARM binaries for practicing exploit development
C 840Updated: 2 y ago License: No License (No License)
840Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
g
gadgetinspectorby JackOfMostTrades
A byte code analyzer for finding deserialization gadget chains in Java applications
Java 838Updated: 2 y ago License: Permissive (MIT)
838Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
h
hactoolby SciresM
hactool is a tool to view information about, decrypt, and extract common file formats for the Nintendo Switch, especially Nintendo Content Archives.
C 837Updated: 2 y ago License: Permissive (ISC)
837Updated: 2 y ago License: Permissive (ISC)Support
Quality
Security
License
Reuse
P
PhishMailerby BiZken
Generate Professional Phishing Emails Fast And Easy
Python 833Updated: 2 y ago License: Permissive (MIT)
833Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
d
defcon27_csharp_workshopby mvelazc0
Writing custom backdoor payloads with C# - Defcon 27 Workshop
C# 831Updated: 2 y ago License: No License (No License)
831Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
d
deciderby cisagov
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
CSS 831Updated: 2 y ago License: Proprietary (Proprietary)
831Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
a
asby autoas
automotive software(OSEK & AUTOSAR) and its tool-chain
C 829Updated: 2 y ago License: No License (No License)
829Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
B
Support
Quality
Security
License
Reuse
N
News-YC---iPhoneby bennyguitar
The iPhone version of News/YC, a Hacker News reader and interactive iOS application.
Swift 817Updated: 2 y ago License: Proprietary (Proprietary)
817Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
C
C2-Tool-Collectionby outflanknl
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
C 814Updated: 2 y ago License: No License (No License)
814Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
p
pixloadby chinarulezzz
Image Payload Creating/Injecting tools
Perl 807Updated: 3 y ago License: Permissive (WTFPL)
807Updated: 3 y ago License: Permissive (WTFPL)Support
Quality
Security
License
Reuse
F
FakeImageExploiterby r00t-3xp10it
Use a Fake image.jpg to exploit targets (hide known file extensions)
Shell 807Updated: 2 y ago License: No License (No License)
807Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
e
exploit_meby bkerler
Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)
C++ 805Updated: 2 y ago License: Permissive (MIT)
805Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
X
XssPyby faizann24
XssPy - Web Application XSS Scanner
Python 803Updated: 2 y ago License: Permissive (MIT)
803Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
G
Glassby s7ckTeam
Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。
Python 801Updated: 2 y ago License: No License (No License)
801Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
S
SSRFireby ksharinarayanan
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
Shell 801Updated: 2 y ago License: No License (No License)
801Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
I
Instabruteforceby Hackertrackersj
hacking-tool termux-tools termux noob-friendly instagram-bot bruteforce-password-cracker wordlist-technique
Python 799Updated: 2 y ago License: Permissive (MIT)
799Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
M
Mr.Holmesby Lucksi
:mag: A Complete Osint Tool
Python 788Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
788Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
P
PwnKitby ly4k
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
C 788Updated: 2 y ago License: Permissive (MIT)
788Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
P
PS5-IPV6-Kernel-Exploitby Cryptogenic
An experimental webkit-based kernel exploit (Arb. R/W) for the PS5 on <= 4.51FW
JavaScript 788Updated: 2 y ago License: No License (No License)
788Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
r
redis-rogue-serverby n0b0dyCN
Redis(<=5.0.5) RCE
C 786Updated: 2 y ago License: Permissive (Apache-2.0)
786Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
C
CTFby Crypto-Cat
CTF chall write-ups, files, scripts etc (trying to be more organised LOL)
Python 785Updated: 2 y ago License: No License (No License)
785Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
A
AndroRATby The404Hacking
AndroRAT | Remote Administrator Tool for Android OS Hacking
Java 780Updated: 2 y ago License: No License (No License)
780Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
s
saycheeseby hangetzzu
Grab target's webcam shots by link
Shell 776Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
776Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
A
AllVideoPocsFromHackerOneby zeroc00I
This script grab public report from hacker one and make some folders with poc videos
Shell 775Updated: 2 y ago License: No License (No License)
775Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
p
php-exploit-scriptsby mattiasgeniar
A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
PHP 774Updated: 2 y ago License: No License (No License)
774Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
s
seeby F-Secure
Sandboxed Execution Environment
Python 771Updated: 4 y ago License: Permissive (Apache-2.0)
771Updated: 4 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
U
Support
Quality
Security
License
Reuse
P
PowerMemoryby giMini
Exploit the credentials present in files and memory
PowerShell 769Updated: 4 y ago License: Proprietary (Proprietary)
769Updated: 4 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
H
HITCON-Trainingby scwuaptx
For Linux binary Exploitation
C 765Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
765Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
m
monomorphby DavidBuchanan314
MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash
C 761Updated: 2 y ago License: Permissive (MIT)
761Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
M
My-Shodan-Scriptsby random-robbie
Collection of Scripts for shodan searching stuff.
Python 756Updated: 3 y ago License: Permissive (MIT)
756Updated: 3 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
a
Support
Quality
Security
License
Reuse
W
WordlistPasswordGeneratorby OnlineHacKing
Python Wordlist Password Generator for Termux - Hack any fb, instagram, Wifi any Password list - Online Hacking
Python 749Updated: 2 y ago License: Permissive (BSD-3-Clause)
749Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
A
Anemone3DSby astronautlevel2
A theme and boot splash manager for the Nintendo 3DS console
C 748Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
748Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse