Trending repositories for topic enumeration
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Automated NoSQL database enumeration and web application exploitation tool.
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Username enumeration and password spraying tool aimed at Microsoft O365.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
The Offensive Manual Web Application Penetration Testing Framework.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Username enumeration and password spraying tool aimed at Microsoft O365.
Automated NoSQL database enumeration and web application exploitation tool.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
Security Tool to Look For Interesting Files in S3 Buckets
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
The Offensive Manual Web Application Penetration Testing Framework.
A fast, simple, recursive content discovery tool written in Rust.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Automated NoSQL database enumeration and web application exploitation tool.
A fast, simple, recursive content discovery tool written in Rust.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Aggregated wordlist pulled from commonly used tools for discovery, enumeration, fuzzing, and exploitation.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Unauthenticated enumeration of AWS, Azure, and GCP Principals
Automated NoSQL database enumeration and web application exploitation tool.
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Python code snippets from Discrete Mathematics for Computer Science specialization at Coursera
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Username enumeration and password spraying tool aimed at Microsoft O365.
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
A fast, simple, recursive content discovery tool written in Rust.
Automated NoSQL database enumeration and web application exploitation tool.
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
The tool 𝗲𝗻𝘂𝗺𝘅 is a framework built for Kali Linux that uses a plethora of existing pentesting tools as plugins in order to simplify and standardize the enumeration stage at a simplistic level. I...
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Active Directory Penetration Testing for Red Teams
Combine words from two wordlist files and concatenate them with an optional delimiter
SSH Private Key Looting Wordlists. A collection of wordlists to aid in locating or brute-forcing SSH private key file names.
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Aggregated wordlist pulled from commonly used tools for discovery, enumeration, fuzzing, and exploitation.
Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing
Python tool for enumerating directories and files on web servers that contain a publicly readable .ds_store file.
Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be ...
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration testing process. This guide will focus on both the penetratio...
SSH Private Key Looting Wordlists. A collection of wordlists to aid in locating or brute-forcing SSH private key file names.
The tool 𝗲𝗻𝘂𝗺𝘅 is a framework built for Kali Linux that uses a plethora of existing pentesting tools as plugins in order to simplify and standardize the enumeration stage at a simplistic level. I...
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A fast, simple, recursive content discovery tool written in Rust.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Automated NoSQL database enumeration and web application exploitation tool.
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
SSH Private Key Looting Wordlists. A collection of wordlists to aid in locating or brute-forcing SSH private key file names.
The tool 𝗲𝗻𝘂𝗺𝘅 is a framework built for Kali Linux that uses a plethora of existing pentesting tools as plugins in order to simplify and standardize the enumeration stage at a simplistic level. I...
Notes, research, and methodologies for becoming a better hacker. Knowledge should be free.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Python tool for enumerating directories and files on web servers that contain a publicly readable .ds_store file.
Incursore came from nmapAutomator to be your personal raider while you enumerate a target.
Bruter is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️♂️
Active Directory Penetration Testing for Red Teams
This cheat sheet outlines common enumeration and attack methods for Windows Active Directory using PowerShell.
Unauthenticated enumeration of AWS, Azure, and GCP Principals
Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.
CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, mak...