Stars
An opinionated list of awesome Python frameworks, libraries, software and resources.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Automatic SQL injection and database takeover tool
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Impacket is a collection of Python classes for working with network protocols.
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Incredibly fast crawler designed for OSINT.
Fast subdomains enumeration tool for penetration testers
Wrong project! You should head over to http://github.com/sshuttle/sshuttle
A swiss army knife for pentesting networks
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
A suite of utilities for converting to and working with CSV, the king of tabular file formats.
lgandx / Responder
Forked from SpiderLabs/ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
Tool for partial deblobbing of Intel ME/TXE firmware images
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…
A python script that finds endpoints in JavaScript files
A familiar HTTP Service Framework for Python.
Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
Privilege Escalation Project - Windows / Linux / Mac
cve-search - a tool to perform local searches for known vulnerabilities
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
Generates permutations, alterations and mutations of subdomains and then resolves them