Trending repositories for topic pentest
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\S...
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Collection of cheat sheets useful for pentesting
A fast DOM based XSS vulnerability scanner with simplicity.
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Collection of cheat sheets useful for pentesting
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
A fast DOM based XSS vulnerability scanner with simplicity.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\S...
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Collection of cheat sheets useful for pentesting
A fast DOM based XSS vulnerability scanner with simplicity.
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Collection of cheat sheets useful for pentesting
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
A fast DOM based XSS vulnerability scanner with simplicity.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Program for determining types of files for Windows, Linux and MacOS.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
A collection of hacking tools, resources and references to practice ethical hacking.
Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
A list of resources for those interested in getting started in bug bounties
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
A fast, simple, recursive content discovery tool written in Rust.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.
TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台,为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境,主要用于Web站点的功能测试、安全测试和安全评估。
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
Some Useful Tricks for Pentest Android and iOS Apps
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Collection of cheat sheets useful for pentesting
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
An auto-updating list of shodan dorks with info on the amount of results they return!
VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allowin...
The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cl...
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台,为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境,主要用于Web站点的功能测试、安全测试和安全评估。
Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.
CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
A collection of hacking tools, resources and references to practice ethical hacking.
A list of resources for those interested in getting started in bug bounties
A fast, simple, recursive content discovery tool written in Rust.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
A cheatsheet of tools and commands that I use to pentest Active Directory.
Some Useful Tricks for Pentest Android and iOS Apps
