WPSeku - Wordpress Security Scanner
Support
Quality
Security
License
Reuse
Kautilya - Tool for easy use of Human Interface Devices for offensive security and penetration testing.
Support
Quality
Security
License
Reuse
Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts
Support
Quality
Security
License
Reuse
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Support
Quality
Security
License
Reuse
Asset inventory of over 800 public bug bounty programs.
Support
Quality
Security
License
Reuse
Modern tactical exploitation toolkit.
Support
Quality
Security
License
Reuse
GoLismero - The Web Knife
Support
Quality
Security
License
Reuse
:zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap:
Support
Quality
Security
License
Reuse
Vulnerability scanner based on vulners.com search API
Support
Quality
Security
License
Reuse
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
Support
Quality
Security
License
Reuse
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Support
Quality
Security
License
Reuse
A semi-interactive PHP shell compressed into a single file.
Support
Quality
Security
License
Reuse
Utility for detecting phishing domains targeting Web3 users
Support
Quality
Security
License
Reuse
raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
Support
Quality
Security
License
Reuse
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Support
Quality
Security
License
Reuse
HVNC for Cobalt Strike
Support
Quality
Security
License
Reuse
Damn Small SQLi Scanner
Support
Quality
Security
License
Reuse
Generates millions of keyword-based password mutations in seconds.
Support
Quality
Security
License
Reuse
Data Hacking Project
Support
Quality
Security
License
Reuse
Credentials gathering tool automating remote procdump and parse of lsass process.
Support
Quality
Security
License
Reuse
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
Support
Quality
Security
License
Reuse
Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
Support
Quality
Security
License
Reuse
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Support
Quality
Security
License
Reuse
SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.
Support
Quality
Security
License
Reuse
Ruby on Rails Phishing Framework
Support
Quality
Security
License
Reuse
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.
Support
Quality
Security
License
Reuse
The easiest way to write web applications with Perl (Perl web micro-framework)
Support
Quality
Security
License
Reuse
AV Evasion Tool For Red Team Ops
Support
Quality
Security
License
Reuse
Open source C2 server created for stealth red team operations
Support
Quality
Security
License
Reuse
Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.
Support
Quality
Security
License
Reuse
Automation for javascript recon in bug bounty.
Support
Quality
Security
License
Reuse
Demonstrates the "heartbleed" problem using full OpenSSL stack
Support
Quality
Security
License
Reuse
Multi Tool Subdomain Enumeration
Support
Quality
Security
License
Reuse
Java漏洞学习笔记 Deserialization Vulnerability
Support
Quality
Security
License
Reuse
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Support
Quality
Security
License
Reuse
This Script will help you to gather information about your victim or friend.
Support
Quality
Security
License
Reuse
A Python Package for Data Exfiltration
Support
Quality
Security
License
Reuse
漏洞检测、漏洞利用
Support
Quality
Security
License
Reuse
Python and Powershell internal penetration testing framework
Support
Quality
Security
License
Reuse
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
Support
Quality
Security
License
Reuse
NetCat for Windows
Support
Quality
Security
License
Reuse
A (partial) Python rewriting of PowerSploit's PowerView
Support
Quality
Security
License
Reuse
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Support
Quality
Security
License
Reuse
Easy automated vulnerability scanning, reporting and analysis
Support
Quality
Security
License
Reuse
Python and Powershell internal penetration testing framework
Support
Quality
Security
License
Reuse
Subdomain takeover vulnerability checker
Support
Quality
Security
License
Reuse
Web vulnerability scanner written in Python3
Support
Quality
Security
License
Reuse
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
Support
Quality
Security
License
Reuse
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Support
Quality
Security
License
Reuse
Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。
Support
Quality
Security
License
Reuse
W
WPSekuby m4ll0k
WPSeku - Wordpress Security Scanner
Python
769Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
769Updated: 4 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
K
Kautilyaby samratashok
Kautilya - Tool for easy use of Human Interface Devices for offensive security and penetration testing.
PowerShell 768Updated: 4 y ago License: Proprietary (Proprietary)
768Updated: 4 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
E
Emagnetby wuseman
Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts
Shell 761Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
761Updated: 4 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
c
chashellby sysdream
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Go 761Updated: 4 y ago
License: No License (No License)
761Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
i
inventoryby trickest
Asset inventory of over 800 public bug bounty programs.
Shell 759Updated: 2 y ago License: Permissive (MIT)
759Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
t
tactical-exploitationby 0xdea
Modern tactical exploitation toolkit.
Python 756Updated: 2 y ago License: Permissive (MIT)
756Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
g
golismeroby golismero
GoLismero - The Web Knife
Python 752Updated: 4 y ago License: Strong Copyleft (GPL-2.0)
752Updated: 4 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
s
stegseekby RickdeJager
:zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap:
C++ 752Updated: 2 y ago License: Strong Copyleft (GPL-2.0)
752Updated: 2 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
b
burp-vulners-scannerby vulnersCom
Vulnerability scanner based on vulners.com search API
Java 751Updated: 4 y ago License: Weak Copyleft (LGPL-3.0)
751Updated: 4 y ago License: Weak Copyleft (LGPL-3.0)Support
Quality
Security
License
Reuse
P
Payloadsby sh377c0d3
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
PHP 748Updated: 2 y ago License: No License (No License)
748Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
c
cve-bin-toolby intel
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Python 747Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
747Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
p
phpbashby Arrexel
A semi-interactive PHP shell compressed into a single file.
PHP 742Updated: 2 y ago License: Permissive (Apache-2.0)
742Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
e
eth-phishing-detectby MetaMask
Utility for detecting phishing domains targeting Web3 users
JavaScript 737Updated: 2 y ago License: Proprietary (Proprietary)
737Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
r
ravenby 0x09AL
raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
Go 734Updated: 4 y ago License: No License (No License)
734Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
J
JustTryHarderby sinfulz
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Python 733Updated: 2 y ago License: No License (No License)
733Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
H
Support
Quality
Security
License
Reuse
D
Support
Quality
Security
License
Reuse
p
psudohashby t3l3machus
Generates millions of keyword-based password mutations in seconds.
Python 729Updated: 2 y ago License: Permissive (MIT)
729Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
d
data_hackingby SuperCowPowers
Data Hacking Project
Jupyter Notebook 727Updated: 3 y ago License: Permissive (MIT)
727Updated: 3 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
s
spraykatzby aas-n
Credentials gathering tool automating remote procdump and parse of lsass process.
Python 724Updated: 2 y ago License: Permissive (MIT)
724Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
CVE-2021-40444by klezVirus
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
HTML 723Updated: 2 y ago License: No License (No License)
723Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
s
spectre-attackby Eugnis
Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
C 722Updated: 2 y ago License: No License (No License)
722Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
C
CVE-2021-31166by 0vercl0k
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Python 722Updated: 4 y ago License: Permissive (MIT)
722Updated: 4 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
S
SocialPwnedby MrTuxx
SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.
Python 720Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
720Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
p
phishing-frenzyby pentestgeek
Ruby on Rails Phishing Framework
PHP 716Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
716Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
u
uDorkby m3n0sd0n4ld
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.
Shell 715Updated: 2 y ago License: No License (No License)
715Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
D
Dancerby PerlDancer
The easiest way to write web applications with Perl (Perl web micro-framework)
Perl 714Updated: 4 y ago License: No License (No License)
714Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
F
FourEyeby lengjibo
AV Evasion Tool For Red Team Ops
C 706Updated: 2 y ago License: Permissive (Apache-2.0)
706Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
N
Ninjaby ahmedkhlief
Open source C2 server created for stealth red team operations
PowerShell 700Updated: 2 y ago License: No License (No License)
700Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
l
lockphishby jaykali
Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.
HTML 695Updated: 2 y ago License: Proprietary (Proprietary)
695Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
J
JSFScan.shby KathanP19
Automation for javascript recon in bug bounty.
Shell 695Updated: 2 y ago License: No License (No License)
695Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
h
heartleechby robertdavidgraham
Demonstrates the "heartbleed" problem using full OpenSSL stack
C 694Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)
694Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
d
domainedby TypeError
Multi Tool Subdomain Enumeration
Python 691Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
691Updated: 4 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
J
JavaLearnVulnerabilityby SummerSec
Java漏洞学习笔记 Deserialization Vulnerability
HTML 690Updated: 2 y ago License: No License (No License)
690Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
w
webanalyzeby rverton
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Go 688Updated: 2 y ago License: Permissive (MIT)
688Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
0
007-TheBondby Deadshot0x7
This Script will help you to gather information about your victim or friend.
Python 687Updated: 2 y ago License: Permissive (MIT)
687Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
P
PyExfilby ytisf
A Python Package for Data Exfiltration
Python 682Updated: 2 y ago License: Permissive (MIT)
682Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
p
Support
Quality
Security
License
Reuse
p
pentestlyby praetorian-inc
Python and Powershell internal penetration testing framework
Python 681Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
681Updated: 4 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
O
OSCP-Prepby RustyShackleford221
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
Python 676Updated: 3 y ago License: No License (No License)
676Updated: 3 y ago License: No License (No License)Support
Quality
Security
License
Reuse
n
Support
Quality
Security
License
Reuse
p
pywerviewby the-useless-one
A (partial) Python rewriting of PowerSploit's PowerView
Python 673Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
673Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
W
WitnessMeby byt3bl33d3r
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Python 672Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
672Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
s
seccubusby seccubus
Easy automated vulnerability scanning, reporting and analysis
JavaScript 672Updated: 2 y ago License: Permissive (Apache-2.0)
672Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
p
pentestlyby praetorian-code
Python and Powershell internal penetration testing framework
Python 671Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
671Updated: 4 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
s
subzyby LukaSikic
Subdomain takeover vulnerability checker
Go 670Updated: 2 y ago License: Strong Copyleft (GPL-2.0)
670Updated: 2 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
w
wapitiby wapiti-scanner
Web vulnerability scanner written in Python3
Python 669Updated: 2 y ago License: Strong Copyleft (GPL-2.0)
669Updated: 2 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
S
SlackPirateby emtunc
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
Python 669Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
669Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
G
Garudby R0X4R
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Shell 669Updated: 2 y ago License: Permissive (MIT)
669Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
A
Antennaby wuba
Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。
JavaScript 668Updated: 2 y ago License: Permissive (Apache-2.0)
668Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse