Stars
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods
CTF framework and exploit development library
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Scanning APK file for URIs, endpoints & secrets.
Automated All-in-One OS Command Injection Exploitation Tool.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…
A python script that finds endpoints in JavaScript files
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network
Tools & Interesting Things for RedTeam Ops
A Python-based ingestor for BloodHound
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
BloodyAD is an Active Directory Privilege Escalation Framework
Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
Perform a MitM attack and extract clear text credentials from RDP connections
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…
PoC for Zerologon - all research credits go to Tom Tervoort of Secura