Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…
Automated cryptocurrency trading bot
Rewrite of the popular wireless network auditor, "wifite"
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
A recursive internet scanner for hackers.
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.
Tool for Active Directory Certificate Services enumeration and abuse
Tools & Interesting Things for RedTeam Ops
Extract credentials from lsass remotely
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
A collection of Azure AD/Entra tools for offensive and defensive security purposes
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Codebase to generate an msdt-follina payload
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Perform a MitM attack and extract clear text credentials from RDP connections
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.