Trending repositories for topic pentest-tool
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
The most powerful CRLF injection (HTTP Response Splitting) scanner.
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
The most powerful CRLF injection (HTTP Response Splitting) scanner.
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based inter...
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
The most powerful CRLF injection (HTTP Response Splitting) scanner.
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guideline...
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Tool set for Information security professionals and all others
Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Official Kali Linux tool to check all urls of a domain for SQL injections :)
SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.
📦 1000+ Statically Linked Binaries & Build Scripts for Android (arm64-v8a), Linux (aarch64 | x86-64), Windows (AMD64) :: https://bin.ajam.dev
Supernova 的中文版和扩展了一些加密方式(ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20)
Apache Tomcat exploit and Pentesting guide for penetration tester
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
Tool set for Information security professionals and all others
Sniffcon has a wide list of powerful online bug bounty tools which can be used to find security vulnerabilities.
SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guideline...
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive inf...
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive inf...
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
内网探测工具(Internal network detection tool that not contain any exploit code)
Official Kali Linux tool to check all urls of a domain for SQL injections :)
📦 1000+ Statically Linked Binaries & Build Scripts for Android (arm64-v8a), Linux (aarch64 | x86-64), Windows (AMD64) :: https://bin.ajam.dev
Supernova 的中文版和扩展了一些加密方式(ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20)
A small script to resolve domains to Azure AD tenants (and OAuth login portals)
SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
内网探测工具(Internal network detection tool that not contain any exploit code)
一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能
A small script to resolve domains to Azure AD tenants (and OAuth login portals)
SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.
Minimal web server enumeration & attack surface detection tool based on results of nmap.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial of Service (DoS) and network monitoring.
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
Apache Tomcat exploit and Pentesting guide for penetration tester