Trending repositories for topic enumeration
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
A drop-in replacement for native enum. Like native enum, but much better!
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Automated NoSQL database enumeration and web application exploitation tool.
Full and natural support for enumerations as Django model fields.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
💻 Certified ethical hacker summary in bullet points
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
A drop-in replacement for native enum. Like native enum, but much better!
Full and natural support for enumerations as Django model fields.
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
A fast, simple, recursive content discovery tool written in Rust.
💻 Certified ethical hacker summary in bullet points
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Automated NoSQL database enumeration and web application exploitation tool.
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
A drop-in replacement for native enum. Like native enum, but much better!
A fast, simple, recursive content discovery tool written in Rust.
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Automated NoSQL database enumeration and web application exploitation tool.
💻 Certified ethical hacker summary in bullet points
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
A drop-in replacement for native enum. Like native enum, but much better!
Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Full and natural support for enumerations as Django model fields.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, mak...
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration testing process. This guide will focus on both the penetratio...
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
💻 Certified ethical hacker summary in bullet points
This cheat sheet outlines common enumeration and attack methods for Windows Active Directory using PowerShell.
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
A fast, simple, recursive content discovery tool written in Rust.
Roadmap for preparing for OSCP, anyone is free to use this, and also feedback and contributions are welcome
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Comp...
A fast, simple, recursive content discovery tool written in Rust.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A drop-in replacement for native enum. Like native enum, but much better!
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
A drop-in replacement for native enum. Like native enum, but much better!
Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Comp...
Full and natural support for enumerations as Django model fields.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Pinny Notes is a sticky note application with a button to "pin" a note making it always on top above other windows. A number of other handy tools are also available via the right click menus.
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration testing process. This guide will focus on both the penetratio...
Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here, you'll find a variety of resources, notes, and practical projects aimed at enhan...
Unauthenticated enumeration of AWS, Azure, and GCP Principals
CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, mak...
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.
onedrive user enumeration - pentest tool to enumerate valid o365 users
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
The tool 𝗲𝗻𝘂𝗺𝘅 is a framework built for Kali Linux that uses a plethora of existing pentesting tools as plugins in order to simplify and standardize the enumeration stage at a simplistic level. I...
Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here, you'll find a variety of resources, notes, and practical projects aimed at enhan...
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A fast, simple, recursive content discovery tool written in Rust.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
Automated NoSQL database enumeration and web application exploitation tool.
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Comp...
A drop-in replacement for native enum. Like native enum, but much better!
The tool 𝗲𝗻𝘂𝗺𝘅 is a framework built for Kali Linux that uses a plethora of existing pentesting tools as plugins in order to simplify and standardize the enumeration stage at a simplistic level. I...
Pinny Notes is a sticky note application with a button to "pin" a note making it always on top above other windows. A number of other handy tools are also available via the right click menus.
Tracks a range of Microsoft owned ASNs and publishes a daily release containing a list of IPv4 and IPv6 address in CIDR notation.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Full and natural support for enumerations as Django model fields.
🦀 RUSTVERSARY: A comprehensive repository of tools and scripts for malware development practices.
All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
Python tool for enumerating directories and files on web servers that contain a publicly readable .ds_store file.
Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Comp...
Bruter is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️♂️
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Notes, research, and methodologies for becoming a better hacker. Knowledge should be free.
This cheat sheet outlines common enumeration and attack methods for Windows Active Directory using PowerShell.
SSH Private Key Looting Wordlists. A collection of wordlists to aid in locating or brute-forcing SSH private key file names.
