ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
Support
Quality
Security
License
Reuse
Fast Go Application Scanner
Support
Quality
Security
License
Reuse
Pop shells like a master.
Support
Quality
Security
License
Reuse
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
Support
Quality
Security
License
Reuse
a recon tool that allows searching on URLs that are exposed via shortener services
Support
Quality
Security
License
Reuse
ODAT: Oracle Database Attacking Tool
Support
Quality
Security
License
Reuse
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Support
Quality
Security
License
Reuse
记录自己编写、修改的部分工具
Support
Quality
Security
License
Reuse
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Support
Quality
Security
License
Reuse
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Support
Quality
Security
License
Reuse
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Support
Quality
Security
License
Reuse
Discover Your Attack Surface!
Support
Quality
Security
License
Reuse
DKMC - Dont kill my cat - Malicious payload evasion tool
Support
Quality
Security
License
Reuse
Docker security analysis & hacking tools
Support
Quality
Security
License
Reuse
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Support
Quality
Security
License
Reuse
Perform a MitM attack and extract clear text credentials from RDP connections
Support
Quality
Security
License
Reuse
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Support
Quality
Security
License
Reuse
D
Damn-Vulnerable-GraphQL-Applicationby dolevf
JavaScript 
1252 Version:Current License: Permissive (MIT)
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Support
Quality
Security
License
Reuse
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Support
Quality
Security
License
Reuse
个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Support
Quality
Security
License
Reuse
LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Support
Quality
Security
License
Reuse
:hammer: A modern multiple reverse shell sessions manager written in go
Support
Quality
Security
License
Reuse
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
Support
Quality
Security
License
Reuse
Penetration Testing Platform
Support
Quality
Security
License
Reuse
Security Tool to Look For Interesting Files in S3 Buckets
Support
Quality
Security
License
Reuse
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Support
Quality
Security
License
Reuse
Drone pentesting framework console
Support
Quality
Security
License
Reuse
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
Support
Quality
Security
License
Reuse
这是一个抓取浏览器密码的工具,后续会添加更多功能
Support
Quality
Security
License
Reuse
Support
Quality
Security
License
Reuse
L
Lockdoor-Frameworkby SofianeHamlaoui
Python 1181 Version:Current License: Strong Copyleft (AGPL-3.0)
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Support
Quality
Security
License
Reuse
RedSnarf is a pen-testing / red-teaming tool for Windows environments
Support
Quality
Security
License
Reuse
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Support
Quality
Security
License
Reuse
Dictionary for penetration testers happy hacker
Support
Quality
Security
License
Reuse
Support
Quality
Security
License
Reuse
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
Support
Quality
Security
License
Reuse
a
adversary_emulation_libraryby center-for-threat-informed-defense
C 1156 Version:Current License: Permissive (Apache-2.0)
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Support
Quality
Security
License
Reuse
Burp被动扫描流量转发插件
Support
Quality
Security
License
Reuse
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Support
Quality
Security
License
Reuse
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Support
Quality
Security
License
Reuse
Open source vulnerability DB and triage service.
Support
Quality
Security
License
Reuse
pentest framework
Support
Quality
Security
License
Reuse
Small utilities that are useful in advanced password cracking
Support
Quality
Security
License
Reuse
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Support
Quality
Security
License
Reuse
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
Support
Quality
Security
License
Reuse
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Support
Quality
Security
License
Reuse
MSFvenom Payload Creator (MSFPC)
Support
Quality
Security
License
Reuse
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Support
Quality
Security
License
Reuse
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Support
Quality
Security
License
Reuse
SimplE RePort wrIting and COllaboration tool
Support
Quality
Security
License
Reuse
S
ServerScanby Adminisme
ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
Go 1372Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1372Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
z
Support
Quality
Security
License
Reuse
S
Support
Quality
Security
License
Reuse
A
AggressorScriptsby harleyQu1nn
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
C# 1354Updated: 2 y ago
License: No License (No License)
1354Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
u
urlhunterby utkusen
a recon tool that allows searching on URLs that are exposed via shortener services
Go 1341Updated: 2 y ago License: Permissive (MIT)
1341Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
o
odatby quentinhardy
ODAT: Oracle Database Attacking Tool
Python 1339Updated: 2 y ago License: No License (No License)
1339Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
B
BlackWidowby 1N3
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Python 1332Updated: 2 y ago License: Proprietary (Proprietary)
1332Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
R
Support
Quality
Security
License
Reuse
s
stratus-red-teamby DataDog
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Go 1293Updated: 2 y ago License: Permissive (Apache-2.0)
1293Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
V
V3n0M-Scannerby v3n0m-Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Python 1292Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1292Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
e
evillimiterby bitbrute
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Python 1290Updated: 2 y ago License: Permissive (MIT)
1290Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
i
intrigue-coreby intrigueio
Discover Your Attack Surface!
Ruby 1275Updated: 2 y ago License: Proprietary (Proprietary)
1275Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
D
DKMCby Mr-Un1k0d3r
DKMC - Dont kill my cat - Malicious payload evasion tool
Python 1274Updated: 2 y ago License: Proprietary (Proprietary)
1274Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
d
dockerscanby cr0hn
Docker security analysis & hacking tools
Python 1273Updated: 2 y ago License: Proprietary (Proprietary)
1273Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
C
C3by WithSecureLabs
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
C++ 1273Updated: 2 y ago License: Proprietary (Proprietary)
1273Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
S
Sethby SySS-Research
Perform a MitM attack and extract clear text credentials from RDP connections
Python 1271Updated: 2 y ago License: Permissive (MIT)
1271Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
l
linuxprivcheckerby sleventyeleven
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Python 1268Updated: 2 y ago License: Permissive (MIT)
1268Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
D
Damn-Vulnerable-GraphQL-Applicationby dolevf
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
JavaScript 1252Updated: 2 y ago License: Permissive (MIT)
1252Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
Coercerby p0dalirius
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Python 1250Updated: 2 y ago License: No License (No License)
1250Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
1
1earnby No-Github
个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
C++ 1246Updated: 3 y ago License: No License (No License)
1246Updated: 3 y ago License: No License (No License)Support
Quality
Security
License
Reuse
L
LadonGoby k8gege
LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Go 1245Updated: 2 y ago License: Permissive (MIT)
1245Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
P
Platypusby WangYihang
:hammer: A modern multiple reverse shell sessions manager written in go
Go 1244Updated: 2 y ago License: Weak Copyleft (LGPL-3.0)
1244Updated: 2 y ago License: Weak Copyleft (LGPL-3.0)Support
Quality
Security
License
Reuse
l
linWinPwnby lefayjey
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
Shell 1244Updated: 2 y ago License: Permissive (MIT)
1244Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
f
Support
Quality
Security
License
Reuse
A
AWSBucketDumpby jordanpotti
Security Tool to Look For Interesting Files in S3 Buckets
Python 1234Updated: 2 y ago License: Permissive (MIT)
1234Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
e
evilgradeby infobyte
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Perl 1227Updated: 2 y ago License: No License (No License)
1227Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
d
dronesploitby dhondta
Drone pentesting framework console
Python 1221Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1221Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
n
noPacby cube0x0
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
C# 1218Updated: 2 y ago License: No License (No License)
1218Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
B
BrowserGhostby QAX-A-Team
这是一个抓取浏览器密码的工具,后续会添加更多功能
C# 1208Updated: 2 y ago License: No License (No License)
1208Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
p
pentest-notesby wwong99
Python 1204Updated: 2 y ago License: Permissive (MIT)
1204Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
L
Lockdoor-Frameworkby SofianeHamlaoui
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Python 1181Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)
1181Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
r
redsnarfby nccgroup
RedSnarf is a pen-testing / red-teaming tool for Windows environments
PowerShell 1173Updated: 2 y ago License: Permissive (Apache-2.0)
1173Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
A
AttackSurfaceMapperby superhedgy
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Python 1172Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1172Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
P
PentesterSpecialDictby a3vilc0de
Dictionary for penetration testers happy hacker
Python 1170Updated: 2 y ago License: No License (No License)
1170Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
f
fragattacksby vanhoefm
C 1167Updated: 2 y ago License: Proprietary (Proprietary)
1167Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
i
icebreakerby DanMcInerney
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
PowerShell 1162Updated: 2 y ago License: Permissive (MIT)
1162Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
a
adversary_emulation_libraryby center-for-threat-informed-defense
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
C 1156Updated: 2 y ago License: Permissive (Apache-2.0)
1156Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
p
Support
Quality
Security
License
Reuse
B
Bashfuscatorby Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Python 1140Updated: 2 y ago License: Permissive (MIT)
1140Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
C3by FSecureLABS
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
C++ 1136Updated: 3 y ago License: Proprietary (Proprietary)
1136Updated: 3 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
o
osv.devby google
Open source vulnerability DB and triage service.
Python 1135Updated: 2 y ago License: Permissive (Apache-2.0)
1135Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
p
Support
Quality
Security
License
Reuse
h
hashcat-utilsby hashcat
Small utilities that are useful in advanced password cracking
C 1104Updated: 2 y ago License: Permissive (MIT)
1104Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
P
Passhuntby Viralmaniar
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Python 1098Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1098Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
d
droopescanby SamJoan
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
HTML 1094Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)
1094Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
C
Chimeraby tokyoneon
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
PowerShell 1091Updated: 2 y ago License: No License (No License)
1091Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
m
Support
Quality
Security
License
Reuse
G
GraphQLmapby swisskyrepo
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Python 1080Updated: 2 y ago License: Permissive (MIT)
1080Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
I
Interlaceby codingo
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Python 1076Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1076Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
S
Serpicoby SerpicoProject
SimplE RePort wrIting and COllaboration tool
JavaScript 1076Updated: 2 y ago License: Proprietary (Proprietary)
1076Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse