Security Testing Libraries - Page 7

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.

Shell 876Updated: 4 y ago License: Strong Copyleft (GPL-3.0)

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

Go 876Updated: 4 y ago License: Permissive (MIT)

A subdomain enumeration tool.

Go 875Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

A flexible scanner

Python 873Updated: 2 y ago License: No License (No License)

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

C 871Updated: 4 y ago License: No License (No License)

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Go 871Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

HTTP weak pass scanner

Python 868Updated: 2 y ago License: No License (No License)

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Python 865Updated: 2 y ago License: No License (No License)

massive SQL injection vulnerability scanner

Python 861Updated: 4 y ago License: Strong Copyleft (GPL-3.0)

Generate Gmail Emailing Keyloggers to Windows.

Python 861Updated: 2 y ago License: Permissive (BSD-3-Clause)

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

Shell 860Updated: 2 y ago License: Permissive (Apache-2.0)

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Python 857Updated: 2 y ago License: Permissive (MIT)

A cross-platform note-taking & target-tracking app for penetration testers.

JavaScript 854Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Collection of Proof of Concepts and Potential Targets for #ShellShocker

Python 852Updated: 4 y ago License: Permissive (MIT)

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.

Shell 850Updated: 2 y ago License: Permissive (MIT)

Scripts I use during pentest engagements.

Python 846Updated: 4 y ago License: Proprietary (Proprietary)

LSTAR - CobaltStrike 综合后渗透插件

PowerShell 846Updated: 2 y ago License: No License (No License)

Vulmap Online Local Vulnerability Scanners Project

Python 845Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

PowerShell 845Updated: 2 y ago License: Permissive (MIT)

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Python 841Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Web Content Discovery Tool

Python 839Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

DotDotPwn - The Directory Traversal Fuzzer

Perl 836Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

Shell 833Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Advanced reconnaissance utility

Python 831Updated: 2 y ago License: No License (No License)

🐧 Abuse of Google Colab for cracking hashes.

Jupyter Notebook 831Updated: 2 y ago License: No License (No License)

Various PowerShell scripts that may be useful during red team exercise

PowerShell 829Updated: 2 y ago License: Proprietary (Proprietary)

A Powerful Subdomain Takeover Tool

Go 829Updated: 2 y ago License: Permissive (BSD-2-Clause)

Microsoft » Windows 10 : Security Vulnerabilities

HTML 827Updated: 2 y ago License: No License (No License)

Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. If you want to ask something please feel free to reach out to me at robotcoder@protonmail.com

Python 823Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Enumerate the permissions associated with AWS credential set

Python 811Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Java 809Updated: 4 y ago License: Permissive (Apache-2.0)

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

CSS 807Updated: 4 y ago License: Strong Copyleft (GPL-3.0)

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

Python 807Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Extract endpoints from apk files.

Shell 806Updated: 2 y ago License: Permissive (MIT)

Docker containers vulnerability scan

Go 797Updated: 2 y ago License: Permissive (Apache-2.0)

|| Activate Burp Suite Pro with Key-Generator and Key-Loader ||

PowerShell 796Updated: 2 y ago License: No License (No License)

Collection of PoC and offensive techniques used by the BlackArrow Red Team

C 795Updated: 2 y ago License: No License (No License)

Wordpress Attack Suite

Python 787Updated: 2 y ago License: Permissive (BSD-2-Clause)

Email recon made fast and easy, with a framework to build on

Python 784Updated: 4 y ago License: Strong Copyleft (GPL-3.0)

An overview of the device integration HTML5 APIs

JavaScript 784Updated: 3 y ago License: Permissive (MIT)

A python tool used to discover endpoints (and potential parameters) for a given target

Python 784Updated: 2 y ago License: No License (No License)

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

Python 784Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

HTML 783Updated: 2 y ago License: No License (No License)

SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications

Python 781Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Python 778Updated: 2 y ago License: Proprietary (Proprietary)

🎖safely* install packages with npm or yarn by auditing them as part of your install process

JavaScript 776Updated: 2 y ago License: Permissive (Apache-2.0)

The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.

PowerShell 776Updated: 2 y ago License: No License (No License)

Automated Penetration Testing Framework

Python 774Updated: 4 y ago License: Proprietary (Proprietary)

Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)

HTML 772Updated: 2 y ago License: No License (No License)

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

Python 771Updated: 2 y ago License: Strong Copyleft (GPL-3.0)