Trending repositories for topic pentesting
Hunt down social media accounts by username across social networks
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command ...
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading research and news.
🔍 An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
JSSCM detects expired domains for Stored XSS exploitation during browsing.
Advanced phishing tool | Automated Self-Hosting | SSH tunneling | 32+ Templates | Remastered version of xHak9x. (The only one you will find which is working fr)
A project for the ESP32 that allows you to deauthenticate stations connected to WiFi networks
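🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization flaws. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...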
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
RedTiger-Tools is a free multi-tool with many features in the areas of Cybersecurity, Pentesting, OSINT, Network Scanning, Discord and Hacking.
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Attack surface detector that identifies endpoints by static analysis
Track the GPS location of the user's smartphone or PC and capture a picture of the target, along with IP and device information.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analy...
Google Dorks that can be used for penetration testing, security research, and information gathering.
This repo gathers all available CVE exploits from GitHub. ⚠️ Be careful: malware.
This repository contains a comprehensive collection of learning resources and notes that I've gathered on various topics, including cybersecurity, bug bounty, API security, cloud security, and more. ...
Modern web-based distributed hashcracking solution, built on hashcat
Pegasus, the Spyware that represents a significant Offensive Colonel.
This is the cheat sheet which I used on the PJPT exam to fully compromise a Domain Controller by doing internal network penetration testing.
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
A collection of hacking tools, resources and references to practice ethical hacking.
Physical penetration testing is a critical aspect of security assessment that involves simulating real-world attacks to evaluate the effectiveness of physical security controls.
A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
My ESP32-Deauther ported to the RTL8720dn, allowing users to deauthenticate on 5GHz now!
Welcome to the ultimate list of resources for AI in cybersecurity. This repository aims to provide an organized collection of high-quality resources to help professionals, researchers, and enthusiasts...
WifiForge is a tool developed by Black Hills InfoSec to help train Pentesters on different Wi-Fi attack vectors and Wireless capabilities.
A detailed plan to achieve proficiency in hacking and penetration testing, with pathways including obtaining a degree in cybersecurity or earning relevant certifications.
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...
Official Kali Linux tool to check all urls of a domain for SQL injections :)
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy
All knowledge I gained from CTFs, real life penetration testing and learning by myself.
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
A comprehensive collection of resources, tools, tips, and guides for preparing and succeeding in the OSCP (Offensive Security Certified Professional) certification.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Pentesting and Bug Bounty Notes, Cheatsheets and Guides for Ethical Hackers, Whitehat Pentesters and CTF Players.
Kali-ios brings the power and versatility of Kali Linux right at your fingertips. It allows users to access Kali in text mode through a terminal emulator from their iOS devices and to leverage the com...
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
SecretScraper is a web scraper that crawls through target websites, scrapes HTTP responses and extracts secret information via regular expressions.
PoC - Authenticated Remote Code Execution in VMware vCenter Server (Exploit)
Helping Ethical Hackers use LLMs in 50 Lines of Code or less..
Two in one, patch lifetime powershell console, no more etw and amsi!
The IoT security toolkit to help identify IoT related dashboards and scan them for default passwords and vulnerabilities.