Trending repositories for topic pentest
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
A fast, simple, recursive content discovery tool written in Rust.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
A collection of hacking tools, resources and references to practice ethical hacking.
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Collection of the cheat sheets useful for pentesting
JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
Automated tool for patching APKs to enable the use of Frida gadget by downloading the library and injecting code into the main activity.
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
This map lists the essential techniques to bypass anti-virus and EDR
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A fast, simple, recursive content discovery tool written in Rust.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
A collection of hacking tools, resources and references to practice ethical hacking.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke...
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
Some Useful Tricks for Pentest Android and iOS Apps
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.
TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台,为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境,主要用于Web站点的功能测试、安全测试和安全评估。
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Automated tool for patching APKs to enable the use of Frida gadget by downloading the library and injecting code into the main activity.
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A fast, simple, recursive content discovery tool written in Rust.
一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
A collection of hacking tools, resources and references to practice ethical hacking.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台,为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境,主要用于Web站点的功能测试、安全测试和安全评估。
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Some Useful Tricks for Pentest Android and iOS Apps
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
Automated tool for patching APKs to enable the use of Frida gadget by downloading the library and injecting code into the main activity.
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
ThreatTracer - A python Script to identify CVE by name & version by @FR13ND0x7F
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
Collection of cheat sheets useful for pentesting
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
An auto-updating list of shodan dorks with info on the amount of results they return!
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台,为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境,主要用于Web站点的功能测试、安全测试和安全评估。
VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allowin...
The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cl...
Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.
CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Program for determining types of files for Windows, Linux and MacOS.
A collection of hacking tools, resources and references to practice ethical hacking.
A list of resources for those interested in getting started in bug bounties
A fast, simple, recursive content discovery tool written in Rust.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
A cheatsheet of tools and commands that I use to pentest Active Directory.
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
Some Useful Tricks for Pentest Android and iOS Apps