Trending repositories for topic pentesting
Hunt down social media accounts by username across social networks
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command ...
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
A collection of hacking tools, resources and references to practice ethical hacking.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
My ESP32-Deauther ported to the RTL8720dn, allowing users to deauthenticate on 5GHz now!
Virtualized WiFi pentesting laboratory without the need for physical WiFi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability. ...
A project for the ESP32 that allows you to deauthenticate stations connected to WiFi networks
Kali-ios brings the power and versatility of Kali Linux right at your fingertips. It allows users to access Kali in text mode through a terminal emulator from their iOS devices and to leverage the com...
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A bluetooth control script for all your Bluetooth devices DoS needs.
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3. May be updated periodically.
Whitebox source code review cheatsheet (Based on AWAE syllabus)
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.
Hunt down social media accounts by username across social networks
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command ...
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
A collection of hacking tools, resources and references to practice ethical hacking.
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
My ESP32-Deauther ported to the RTL8720dn, allowing users to deauthenticate on 5GHz now!
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
A project for the ESP32 that allows you to deauthenticate stations connected to WiFi networks
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
CTF/Cyber Security learning source from beginner to neutral level
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Virtualized WiFi pentesting laboratory without the need for physical WiFi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability. ...
Kali-ios brings the power and versatility of Kali Linux right at your fingertips. It allows users to access Kali in text mode through a terminal emulator from their iOS devices and to leverage the com...
Two in one, patch lifetime powershell console, no more etw and amsi!
A couple of different scripts, made to automate attacks against NoSQL databases.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
A pure PowerShell solution for Entra OAuth authentication, enabling easy retrieval of access and refresh tokens
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
Hunt down social media accounts by username across social networks
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command ...
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
⚡ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
C++ SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
A pure PowerShell solution for Entra OAuth authentication, enabling easy retrieval of access and refresh tokens
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
A project for the ESP32 that allows you to deauthenticate stations connected to WiFi networks
My ESP32-Deauther ported to the RTL8720dn, allowing users to deauthenticate on 5GHz now!
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Some Useful Tricks for Pentest Android and iOS Apps
Reverse engineered to remove IOCs, added Exchange Online Protection IP blacklist and bing-bot user-agent blocking, DNS configuration and notes on usage.
A detailed plan to achieve proficiency in hacking and penetration testing, with pathways including obtaining a degree in cybersecurity or earning relevant certifications.
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
Collection of cheat sheets useful for pentesting
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...
Official Kali Linux tool to check all urls of a domain for SQL injections :)
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
This Repo serves as a collection of shared security and penetration testing resources for the cloud.
Kali-ios brings the power and versatility of Kali Linux right at your fingertips. It allows users to access Kali in text mode through a terminal emulator from their iOS devices and to leverage the com...
The IoT security toolkit to help identify IoT related dashboards and scan them for default passwords and vulnerabilities.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, ...
A general purpose cheat sheet for pentesting and OSCP certification
All knowledge I gained from CTFs, real life penetration testing and learning by myself.
Hunt down social media accounts by username across social networks
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command ...
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A collection of hacking tools, resources and references to practice ethical hacking.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...
Athena OS Nix configuration files focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...
The perfect butler for pentesters, bug-bounty hunters and security researchers
Helping Ethical Hackers use LLMs in 50 Lines of Code or less..
🧑🏻💻 Professional bspwm desktop environment for kali linux for hacking, of all kinds, with custom shortcuts, scripts, s4vitar configurations, among other things.
This repo offers notes and resources on ethical hacking, covering information gathering, scanning, web hacking, exploitation, and Windows/Linux hacking.
An auto-updating list of shodan dorks with info on the amount of results they return!
A fast and comprehensive tool for organizational network scanning
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
This Repo serves as a collection of shared security and penetration testing resources for the cloud.
SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.