Trending repositories for topic pentest-tool
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
A high performance offensive security tool for reconnaissance and vulnerability scanning
The LAZY script will make your life easier, and of course faster.
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries 📦📀 for Soar: The true, simple & suckless Linux User Repository/Package Manager:: https://github.com/pkgforge/soar [repo=pkgforg...
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Official Kali Linux tool to check all urls of a domain for SQL injections :)
All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.
The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries 📦📀 for Soar: The true, simple & suckless Linux User Repository/Package Manager:: https://github.com/pkgforge/soar [repo=pkgforg...
vMass Bot :hook: Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
🎭 SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...
An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial of Service (DoS) and network monitoring. Made by @gamemann!
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Automation for internal Windows Penetrationtest / AD-Security
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Official Kali Linux tool to check all urls of a domain for SQL injections :)
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries 📦📀 for Soar: The true, simple & suckless Linux User Repository/Package Manager:: https://github.com/pkgforge/soar [repo=pkgforg...
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
İçerisinde her biri özenle yazılmış, 80'den fazla siber güvenlik aracı bulunan kapsamlı bir siber güvenlik aracı.
An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial of Service (DoS) and network monitoring. Made by @gamemann!
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
Official Kali Linux tool to check all urls of a domain for SQL injections :)
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.
SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.
Supernova 的中文版和扩展了一些加密方式(ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20)
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
渗透测试C2、支持Lua插件扩展、域前置/CDN上线、自定义profile、前置sRDI、文件管理、进程管理、内存加载、截图、反向代理、分组管理
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
渗透测试C2、支持Lua插件扩展、域前置/CDN上线、自定义profile、前置sRDI、文件管理、进程管理、内存加载、截图、反向代理、分组管理
The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries 📦📀 for Soar: The true, simple & suckless Linux User Repository/Package Manager:: https://github.com/pkgforge/soar [repo=pkgforg...
SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a python function that leaks a file content and you have your sh...
Minimal web server enumeration & attack surface detection tool based on results of nmap.
İçerisinde her biri özenle yazılmış, 80'den fazla siber güvenlik aracı bulunan kapsamlı bir siber güvenlik aracı.
🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
