Java RMI enumeration and attack tool.
Support
Quality
Security
License
Reuse
Statically-linked ssh server with reverse shell functionality for CTFs and such
Support
Quality
Security
License
Reuse
Dumping DPAPI credz remotely
Support
Quality
Security
License
Reuse
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
Support
Quality
Security
License
Reuse
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
Support
Quality
Security
License
Reuse
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Support
Quality
Security
License
Reuse
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Support
Quality
Security
License
Reuse
Automatic Enumeration Tool based in Open Source tools
Support
Quality
Security
License
Reuse
Awesome cloud enumerator
Support
Quality
Security
License
Reuse
test script for shellshocker and related vulnerabilities
Support
Quality
Security
License
Reuse
Automated Penetration Testing Reporting System
Support
Quality
Security
License
Reuse
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Support
Quality
Security
License
Reuse
:eye: (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
Support
Quality
Security
License
Reuse
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
Support
Quality
Security
License
Reuse
一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it
Support
Quality
Security
License
Reuse
Windows 权限提升 BadPotato
Support
Quality
Security
License
Reuse
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Support
Quality
Security
License
Reuse
Support
Quality
Security
License
Reuse
MSDAT: Microsoft SQL Database Attacking Tool
Support
Quality
Security
License
Reuse
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
Support
Quality
Security
License
Reuse
A python script to scan for Apache Tomcat server vulnerabilities.
Support
Quality
Security
License
Reuse
All in One Recon Tool for Bug Bounty
Support
Quality
Security
License
Reuse
Java RMI Vulnerability Scanner
Support
Quality
Security
License
Reuse
A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
Support
Quality
Security
License
Reuse
Sandman is a NTP based backdoor for red team engagements in hardened networks.
Support
Quality
Security
License
Reuse
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Support
Quality
Security
License
Reuse
Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans.
Support
Quality
Security
License
Reuse
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Support
Quality
Security
License
Reuse
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Support
Quality
Security
License
Reuse
Vagrant VirtualBox environment for conducting an internal network penetration test
Support
Quality
Security
License
Reuse
Pentest environment deployer (kali linux + targets) using vagrant and chef.
Support
Quality
Security
License
Reuse
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Support
Quality
Security
License
Reuse
Infosec Wordlists and more.
Support
Quality
Security
License
Reuse
A tool to link a domain with registered organisation names and emails, to other domains.
Support
Quality
Security
License
Reuse
Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 spoofer/machine-in-the-middle tool
Support
Quality
Security
License
Reuse
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Support
Quality
Security
License
Reuse
Open-Source Ransomware As A Service for Linux, MacOS and Windows
Support
Quality
Security
License
Reuse
My subdomain enumeration script. It's unique in the way it is built upon.
Support
Quality
Security
License
Reuse
Tool to bypass 40X response codes.
Support
Quality
Security
License
Reuse
Recon phase script where i scrape emails from the web
Support
Quality
Security
License
Reuse
This Powershell script will generate a malicious Microsoft Office document with a specified payload and persistence method.
Support
Quality
Security
License
Reuse
A fast and stealthy credential harvester
Support
Quality
Security
License
Reuse
Auto Scanning to SSL Vulnerability
Support
Quality
Security
License
Reuse
Apkmod can decompile, recompile, sign APK, and bind the payload with any legit APP
Support
Quality
Security
License
Reuse
WAFNinja is a tool which contains two functions to attack Web Application Firewalls.
Support
Quality
Security
License
Reuse
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Support
Quality
Security
License
Reuse
收集一些小型实用的工具
Support
Quality
Security
License
Reuse
Twitter vulnerable snippets
Support
Quality
Security
License
Reuse
a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
Support
Quality
Security
License
Reuse
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Support
Quality
Security
License
Reuse
B
BaRMIeby NickstaDB
Java RMI enumeration and attack tool.
Java
667Updated: 2 y ago License: Permissive (MIT)
667Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
r
reverse-sshby Fahrj
Statically-linked ssh server with reverse shell functionality for CTFs and such
Go 666Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
666Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
D
DonPAPIby login-securite
Dumping DPAPI credz remotely
Python 666Updated: 2 y ago
License: No License (No License)
666Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
S
SpoolFoolby ly4k
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
C# 665Updated: 2 y ago License: Permissive (MIT)
665Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
k
ksubdomainby boy-hack
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
Go 662Updated: 2 y ago License: Permissive (MIT)
662Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
v
vajraby r3curs1v3-pr0xy
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
JavaScript 656Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
656Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
C
CVE-2017-0199by bhdresh
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Python 654Updated: 4 y ago License: No License (No License)
654Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
l
legionby carlospolop
Automatic Enumeration Tool based in Open Source tools
Python 654Updated: 2 y ago License: Permissive (MIT)
654Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
Support
Quality
Security
License
Reuse
b
bashcheckby hannob
test script for shellshocker and related vulnerabilities
Shell 652Updated: 4 y ago License: Permissive (CC0-1.0)
652Updated: 4 y ago License: Permissive (CC0-1.0)Support
Quality
Security
License
Reuse
A
APTRSby Anof-cyber
Automated Penetration Testing Reporting System
Python 647Updated: 2 y ago License: Permissive (MIT)
647Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
j
jackhammerby olacabs
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Java 645Updated: 4 y ago License: Proprietary (Proprietary)
645Updated: 4 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
s
sAINTby tiagorlampert
:eye: (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
Java 645Updated: 2 y ago License: Permissive (BSD-3-Clause)
645Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
r
recollapseby 0xacb
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
Python 645Updated: 2 y ago License: Permissive (MIT)
645Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
w
watchvulnby zema1
一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it
Go 645Updated: 2 y ago License: Permissive (MIT)
645Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
B
BadPotatoby BeichenDream
Windows 权限提升 BadPotato
C# 643Updated: 2 y ago License: No License (No License)
643Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
B
BurpSuiteHTTPSmugglerby nccgroup
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Java 640Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)
640Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
a
aem-hackerby 0ang3el
Python 637Updated: 2 y ago License: Permissive (MIT)
637Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
m
msdatby quentinhardy
MSDAT: Microsoft SQL Database Attacking Tool
Python 635Updated: 4 y ago License: No License (No License)
635Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
j
jwt-hackby hahwul
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
Go 635Updated: 2 y ago License: Permissive (MIT)
635Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
A
ApacheTomcatScannerby p0dalirius
A python script to scan for Apache Tomcat server vulnerabilities.
Python 635Updated: 2 y ago License: No License (No License)
635Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
A
AORTby D3Ext
All in One Recon Tool for Bug Bounty
Python 633Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
633Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
r
remote-method-guesserby qtc-de
Java RMI Vulnerability Scanner
Java 632Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
632Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
S
Sprayby Greenwolf
A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
Shell 631Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
631Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
S
Sandmanby Idov31
Sandman is a NTP based backdoor for red team engagements in hardened networks.
C# 631Updated: 2 y ago License: Permissive (BSD-2-Clause)
631Updated: 2 y ago License: Permissive (BSD-2-Clause)Support
Quality
Security
License
Reuse
3
3klConby eslam3kl
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Python 630Updated: 2 y ago License: No License (No License)
630Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
o
onetwopunchby superkojiman
Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans.
Shell 629Updated: 2 y ago License: Permissive (MIT)
629Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
s
spring4shell-scanby fullhunt
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Python 623Updated: 2 y ago License: Permissive (MIT)
623Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
s
sast-scanby ShiftLeftSecurity
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Python 622Updated: 2 y ago License: Proprietary (Proprietary)
622Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
c
capsulecorp-pentestby R3dy
Vagrant VirtualBox environment for conducting an internal network penetration test
Ruby 618Updated: 2 y ago License: No License (No License)
618Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
p
pentest-envby Sliim
Pentest environment deployer (kali linux + targets) using vagrant and chef.
Ruby 613Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
613Updated: 4 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
P
PowerHubby AdrianVollmer
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
PowerShell 612Updated: 2 y ago License: Permissive (MIT)
612Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
w
wordlistsby xajkep
Infosec Wordlists and more.
Python 609Updated: 2 y ago License: No License (No License)
609Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
D
DomLinkby vysecurity
A tool to link a domain with registered organisation names and emails, to other domains.
Python 608Updated: 4 y ago License: Permissive (MIT)
608Updated: 4 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
I
InveighZeroby Kevin-Robertson
Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 spoofer/machine-in-the-middle tool
C# 607Updated: 4 y ago License: Permissive (BSD-3-Clause)
607Updated: 4 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
s
scillaby edoardottt
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Go 605Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
605Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
R
RAASNetby leonv024
Open-Source Ransomware As A Service for Linux, MacOS and Windows
Python 604Updated: 3 y ago License: Strong Copyleft (GPL-3.0)
604Updated: 3 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
f
frogyby iamthefrogy
My subdomain enumeration script. It's unique in the way it is built upon.
Shell 604Updated: 2 y ago License: No License (No License)
604Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
d
dontgo403by devploit
Tool to bypass 40X response codes.
Go 604Updated: 2 y ago License: Permissive (Apache-2.0)
604Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
E
EmailScraperby MrMagnif1cent
Recon phase script where i scrape emails from the web
Python 603Updated: 2 y ago License: No License (No License)
603Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
G
Generate-Macroby enigma0x3
This Powershell script will generate a malicious Microsoft Office document with a specified payload and persistence method.
PowerShell 600Updated: 4 y ago License: No License (No License)
600Updated: 4 y ago License: No License (No License)Support
Quality
Security
License
Reuse
C
CredCrackby gojhonny
A fast and stealthy credential harvester
Python 599Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
599Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
a
Support
Quality
Security
License
Reuse
A
Apkmodby Hax4us
Apkmod can decompile, recompile, sign APK, and bind the payload with any legit APP
Shell 596Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
596Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
W
WAFNinjaby khalilbijjou
WAFNinja is a tool which contains two functions to attack Web Application Firewalls.
Python 595Updated: 3 y ago License: No License (No License)
595Updated: 3 y ago License: No License (No License)Support
Quality
Security
License
Reuse
C
Cerberusby YagamiiLight
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Python 594Updated: 2 y ago License: No License (No License)
594Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
p
Support
Quality
Security
License
Reuse
v
vulnerable-code-snippetsby yeswehack
Twitter vulnerable snippets
PHP 594Updated: 2 y ago License: No License (No License)
594Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
s
shotlooterby utkusen
a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
Python 587Updated: 2 y ago License: Permissive (BSD-3-Clause)
587Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
n
noPacby Ridter
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Python 581Updated: 2 y ago License: No License (No License)
581Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse