Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Support
Quality
Security
License
Reuse
HTTPLeaks - All possible ways, a website can leak HTTP requests
Support
Quality
Security
License
Reuse
Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
Support
Quality
Security
License
Reuse
Subdomain Takeover tool written in Go
Support
Quality
Security
License
Reuse
A Security Tool for Bug Bounty, Pentest and Red Teaming.
Support
Quality
Security
License
Reuse
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
Support
Quality
Security
License
Reuse
Extract credentials from lsass remotely
Support
Quality
Security
License
Reuse
Reverse Shell as a Service
Support
Quality
Security
License
Reuse
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
Support
Quality
Security
License
Reuse
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Support
Quality
Security
License
Reuse
Notes about attacking Jenkins servers
Support
Quality
Security
License
Reuse
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Support
Quality
Security
License
Reuse
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Support
Quality
Security
License
Reuse
U
UltimateAppLockerByPassListby api0cradle
PowerShell 
1636 Version:Current
License: No License (No License)
License: No License (No License)The goal of this repository is to document the most common techniques to bypass AppLocker.
Support
Quality
Security
License
Reuse
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
Support
Quality
Security
License
Reuse
M
Middleware-Vulnerability-detectionby mai-lang-chai
Python 1622 Version:Current License: No License (No License)
License: No License (No License)CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
Support
Quality
Security
License
Reuse
The Offensive Manual Web Application Penetration Testing Framework.
Support
Quality
Security
License
Reuse
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Support
Quality
Security
License
Reuse
Pentest Report Generator
Support
Quality
Security
License
Reuse
SharpSploit is a .NET post-exploitation library written in C#
Support
Quality
Security
License
Reuse
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Support
Quality
Security
License
Reuse
Reconnaissance Swiss Army Knife
Support
Quality
Security
License
Reuse
D
Dictionary-Of-Pentestingby insightglacier
Shell 1565 Version:Current License: No License (No License)
License: No License (No License)Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Support
Quality
Security
License
Reuse
Test tool for CVE-2020-1472
Support
Quality
Security
License
Reuse
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Support
Quality
Security
License
Reuse
Tool for Active Directory Certificate Services enumeration and abuse
Support
Quality
Security
License
Reuse
Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts
Support
Quality
Security
License
Reuse
Network Infrastructure Penetration Testing Tool
Support
Quality
Security
License
Reuse
Single-file PHP shell
Support
Quality
Security
License
Reuse
SMBMap is a handy SMB enumeration tool
Support
Quality
Security
License
Reuse
AntiVirus Evasion Tool
Support
Quality
Security
License
Reuse
🔪 :octocat: Leak git repositories from misconfigured websites
Support
Quality
Security
License
Reuse
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Support
Quality
Security
License
Reuse
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Support
Quality
Security
License
Reuse
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
Support
Quality
Security
License
Reuse
Unified repository for different Metasploit Framework payloads
Support
Quality
Security
License
Reuse
Undetectable Windows Payload Generation
Support
Quality
Security
License
Reuse
Kippo - SSH Honeypot
Support
Quality
Security
License
Reuse
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
Support
Quality
Security
License
Reuse
Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
Support
Quality
Security
License
Reuse
:new: The Multi-Tool Web Vulnerability Scanner.
Support
Quality
Security
License
Reuse
A Python based ingestor for BloodHound
Support
Quality
Security
License
Reuse
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Support
Quality
Security
License
Reuse
Find web directories without bruteforce
Support
Quality
Security
License
Reuse
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
Support
Quality
Security
License
Reuse
Python2编写的struts2漏洞全版本检测和利用工具
Support
Quality
Security
License
Reuse
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Support
Quality
Security
License
Reuse
Python3编写的CMS漏洞检测框架
Support
Quality
Security
License
Reuse
CVE Alerting Platform
Support
Quality
Security
License
Reuse
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Support
Quality
Security
License
Reuse
c
ctfrby UnaPibaGeek
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Python 1714Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1714Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
H
HTTPLeaksby cure53
HTTPLeaks - All possible ways, a website can leak HTTP requests
HTML 1708Updated: 2 y ago License: Permissive (BSD-2-Clause)
1708Updated: 2 y ago License: Permissive (BSD-2-Clause)Support
Quality
Security
License
Reuse
b
brutesprayby x90skysn3k
Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
Python 1697Updated: 2 y ago License: Permissive (MIT)
1697Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
s
subjackby haccer
Subdomain Takeover tool written in Go
Go 1696Updated: 2 y ago License: Permissive (Apache-2.0)
1696Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
a
afrogby zan8in
A Security Tool for Bug Bounty, Pentest and Red Teaming.
Go 1693Updated: 2 y ago License: Permissive (MIT)
1693Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
CVE-2021-1675by cube0x0
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
C# 1691Updated: 2 y ago License: No License (No License)
1691Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
l
lsassyby Hackndo
Extract credentials from lsass remotely
Python 1684Updated: 2 y ago License: Permissive (MIT)
1684Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
r
reverse-shellby lukechilds
Reverse Shell as a Service
JavaScript 1680Updated: 2 y ago License: Permissive (MIT)
1680Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
w
weblogicScannerby 0xn0ne
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
Python 1673Updated: 2 y ago License: No License (No License)
1673Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
d
dnsReaperby punk-security
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Python 1652Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)
1652Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
p
pwn_jenkinsby gquere
Notes about attacking Jenkins servers
Python 1642Updated: 2 y ago License: No License (No License)
1642Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
S
Sudomyby screetsec
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Shell 1641Updated: 2 y ago License: Permissive (MIT)
1641Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
r
reconspiderby bhavsec
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Python 1639Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1639Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
U
UltimateAppLockerByPassListby api0cradle
The goal of this repository is to document the most common techniques to bypass AppLocker.
PowerShell 1636Updated: 2 y ago License: No License (No License)
1636Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
v
vulnxby anouarbensaad
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
Python 1626Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1626Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
M
Middleware-Vulnerability-detectionby mai-lang-chai
CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
Python 1622Updated: 4 y ago License: No License (No License)
1622Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
T
TIDoS-Frameworkby 0xInfection
The Offensive Manual Web Application Penetration Testing Framework.
Python 1621Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1621Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
p
pwncatby cytopia
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Shell 1599Updated: 2 y ago License: Permissive (MIT)
1599Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
p
Support
Quality
Security
License
Reuse
S
SharpSploitby cobbr
SharpSploit is a .NET post-exploitation library written in C#
C# 1591Updated: 2 y ago License: Permissive (BSD-3-Clause)
1591Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
k
kunpengby opensec-cn
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Go 1585Updated: 2 y ago License: Permissive (Apache-2.0)
1585Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
R
ReconDogby s0md3v
Reconnaissance Swiss Army Knife
Python 1565Updated: 2 y ago License: Permissive (Apache-2.0)
1565Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
D
Dictionary-Of-Pentestingby insightglacier
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Shell 1565Updated: 2 y ago License: No License (No License)
1565Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
C
CVE-2020-1472by SecuraBV
Test tool for CVE-2020-1472
Python 1562Updated: 2 y ago License: Permissive (MIT)
1562Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
O
One-Lin3rby D4Vinci
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Python 1561Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1561Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
C
Certipyby ly4k
Tool for Active Directory Certificate Services enumeration and abuse
Python 1546Updated: 2 y ago License: Permissive (MIT)
1546Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
E
EMAGNETby wuseman
Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts
Shell 1534Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1534Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
s
spartaby SECFORCE
Network Infrastructure Penetration Testing Tool
Python 1524Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1524Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
p
Support
Quality
Security
License
Reuse
s
smbmapby ShawnDEvans
SMBMap is a handy SMB enumeration tool
Python 1496Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1496Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
a
avetby govolution
AntiVirus Evasion Tool
Shell 1494Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1494Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
g
gitjackerby liamg
🔪 :octocat: Leak git repositories from misconfigured websites
Go 1490Updated: 2 y ago License: Permissive (Unlicense)
1490Updated: 2 y ago License: Permissive (Unlicense)Support
Quality
Security
License
Reuse
S
SubDomainizerby nsonaniya2010
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Python 1485Updated: 2 y ago License: Permissive (MIT)
1485Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
v
vulnerable-ADby WazeHell
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
PowerShell 1484Updated: 2 y ago License: Permissive (MIT)
1484Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
s
safetyby pyupio
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
Python 1479Updated: 2 y ago License: Permissive (MIT)
1479Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
m
metasploit-payloadsby rapid7
Unified repository for different Metasploit Framework payloads
C 1476Updated: 2 y ago License: Proprietary (Proprietary)
1476Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
W
Winpayloadsby nccgroup
Undetectable Windows Payload Generation
Python 1473Updated: 2 y ago License: Permissive (Apache-2.0)
1473Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
k
Support
Quality
Security
License
Reuse
s
sandmapby trimstray
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
Shell 1439Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1439Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
K
Khepriby geemion
Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
C++ 1435Updated: 2 y ago License: Permissive (Apache-2.0)
1435Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
r
rapidscanby skavngr
:new: The Multi-Tool Web Vulnerability Scanner.
Python 1432Updated: 2 y ago License: Strong Copyleft (GPL-2.0)
1432Updated: 2 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
B
BloodHound.pyby fox-it
A Python based ingestor for BloodHound
Python 1431Updated: 2 y ago License: Permissive (MIT)
1431Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
L
LFISuiteby D35m0nd142
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Python 1424Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1424Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
d
dirhuntby Nekmo
Find web directories without bruteforce
Python 1412Updated: 2 y ago License: Permissive (MIT)
1412Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
D
DomainPasswordSprayby dafthack
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
PowerShell 1410Updated: 2 y ago License: Permissive (MIT)
1410Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
s
struts-scanby Lucifer1993
Python2编写的struts2漏洞全版本检测和利用工具
Python 1397Updated: 2 y ago License: No License (No License)
1397Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
C
Cloakifyby TryCatchHCF
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Python 1386Updated: 2 y ago License: Permissive (MIT)
1386Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
A
AngelSwordby Lucifer1993
Python3编写的CMS漏洞检测框架
Python 1382Updated: 2 y ago License: No License (No License)
1382Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
o
opencveby opencve
CVE Alerting Platform
Python 1377Updated: 2 y ago License: Proprietary (Proprietary)
1377Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
X
XAttackerby Moham3dRiahi
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Perl 1375Updated: 2 y ago License: No License (No License)
1375Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse