A curated list of my GitHub stars! Generated by starred
Violent-Python - Code that I adapted from the "Violent Python" book
WHID - Available on eBay & Aliexpress / WiFi HID Injector for Fun & Profit - A USB Rubberducky / BadUSB On Steroids.
arduino - my arduino sketches
arduino - A repository of arduino scripts I've written, generally for home automation
Arduino-POV - Arduino Controlled POV Display
malware - Projects by members, published for educational purposes.
anti-analysis-tricks - Bunch of techniques potentially used by malware to detect analysis environments
tools - security and hacking tools, exploits, proof of concepts, shellcodes, scripts
SetMace - Manipulate timestamps on NTFS
WinEnum - Toolkit to detect abnormal activities on a Windows machine.
ShadowBrokers - Guides, Tools, Tips and such for working with the Shadow Brokers dumps
ReportCompiler - A tool for importing vulnerability scanner data and then allowing you to manipulate the risks, affected hosts, and create risk ordered output.
demos - Demos of various injection techniques found in malware
shellcode - A collection of shellcodes
Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
SECCON2016_online_CTF - SECCON2016 online CTF for public
ms16-098 - Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow
eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
dinput-proxy-dll - complete reverse engineering of all internal structs and vtable methods
ShellcodeDriver - Windows driver to execute arbitrary usermode code (essentially same vulnerability as capcom.sys)
armadito-av - Armadito antivirus main repository
pyrsistence - A Python extension for managing External Memory Data Structures (EMDs)
injectdso - A collection of tools for injecting DSOs in processes under various operating systems
CDIR - CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
zos - RACF and z/OS tools and info
LiME - LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
write-ups-2016 - Wiki-like CTF write-ups repository, maintained by the community. 2016
pentestkoala - Modified dropbear server which acts as a client and allows authless login
Privilege-Escalation - This contains common local exploits and enumeration scripts
pbscan - faster and more efficient stateless syn scanner and banner grabber due to userland TCP/IP stack usage
avet - AntiVirus Evasion Tool
nsjail - A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
caos - Calcium OS project for x86_64
lcamtuf-memfetch - Memfetch is a simple utility to dump all memory of a running process, either immediately or when a fault condition is discovered. It is an attractive alternative to the vastly inferior search capabilities of many debuggers and tracers - and a convenient way to grab "screenshots" from many types of text-based interactive utilities.
syringe - A General Purpose DLL & Code Injection Utility
sslsplit - Transparent SSL/TLS interception
PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands.
pigpio - pigpio is a C library for the Raspberry which allows control of the General Purpose Input Outputs (GPIO).
scan-tools - Scanning tools used in the Critical.IO research project
MEMZ - A trojan made for Danooct1's User Made Malware Series.
torsocks - Library to torify application - NOTE: upstream has been moved to https://gitweb.torproject.org/torsocks.git
cve-2013-2094 - original cve-2013-2094 exploit and a rewritten version for educational purposes
nginx-1.4.0 - For the analysis of CVE-2013-2028
nginxpwn - Exploitation Training -- CVE-2013-2028: Nginx Stack Based Buffer Overflow
DriveCrypt - DriveCrypt Dcr.sys vulnerability exploit
poc-exp - poc or exp of android vulnerability
scvs - Secure Coding Validation Suite
WIN_JELLY - Windows GPU RAT PoC by Team Jellyfish
jellyfish - GPU rootkit PoC by Team Jellyfish
Demon - GPU keylogger PoC by Team Jellyfish
how2heap - A repository for learning various heap exploitation techniques.
JohnTheRipper - This is the official repo for the Jumbo version of John the Ripper. The "bleeding-jumbo" branch (default) is based on 1.8.0-Jumbo-1 (but we are literally thousands of commits ahead of it). This is a bug tracker, not a support forum. It's also not the place to report bugs you see in any version of Jumbo other than the LATEST, from HERE! Thanks.
simple-rootkit - A simple attack against gcc and Python via kernel module, with highly detailed comments.
metasploit-payloads - Unified repository for different Metasploit Framework payloads
hidemyass - a post-exploit tool that carefully cleans *NIX access logs
binflow - This is the new ftrace (https://github.com/elfmaster/ftrace) - Much faster, better resolution but not complete yet! :)
Beleth - Multi-threaded SSH Password Auditor
winfsp - Windows File System Proxy - FUSE for Windows
netsniff-ng - A Swiss army knife for your daily Linux network plumbing.
sniffles - Sniffles: Packet Capture Generator for IDS and Regular Expression Evaluation
Durvasav-BfPC - Durvasav is a bruteforce password cracker (BfPC) written in C.
zzuf - Application fuzzer
Zeus - NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. I have created this repository to make the access for study as easy as possible.
FunctionInterception - Overwrite functions in memory x86-32/64 on Linux, Mac & Windows
proxydroid - Global Proxy for Android
high-low-frequency-attack-defense-toolkits - High/Low frequency attack and defense toolkits
linux.mirai - Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
keylogger-osx - Very simple keylogger for self-quantifying on Mac OS X
PassiveFuzzFrameworkOSX - This framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode.
elfit - ELF Infector's Toolkit
metasploit-loader - A client compatible with Metasploit's staging protocol
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
pivoter - Pivoter is a proxy tool for pentesters to have easier lateral movement.
mimikatz - A little tool to play with Windows security
icmpsh - Simple reverse ICMP shell
post-exploitation - Post Exploitation Collection
sslscan - sslscan tests SSL/TLS enabled services to discover supported cipher suites
azazel - Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.
phc-winner-argon2 - The password hash Argon2, winner of PHC
Mermaid - Generate customized and undetectable exploits for Metasploit.
AFFLIBv3 - AFF is an open and extensible file format to store disk images and associated metadata.
0d1n - Web security tool to make fuzzing at HTTP, Beta
drool - DNS Replay Tool
wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
MemoryModule - Library to load a DLL from memory.
MemoryModule - Library to load a DLL from memory.
A-journey-into-Radare2 - A series of tutorials about radare2 framework from https://www.megabeets.net
DoubleAgent - Zero-Day Code Injection and Persistence Technique
MBE - Course materials for Modern Binary Exploitation by RPISEC
onion-sites-that-dont-suck - Onion Sites That Don't Suck
OverTheWire-website - OverTheWire website
Publications - A list of published research documents
LiveProxies - High-performance asynchronous proxy checker
naxsi - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
pcp - Pretty Curved Privacy
WindowsRegistryRootkit - Kernel rootkit, that lives inside the Windows registry values data
ThinkPwn - Lenovo ThinkPad System Management Mode arbitrary code execution 0day exploit
ExtractKeyMaster - Exploit that extracts Qualcomm's KeyMaster keys using CVE-2015-6639 and CVE-2016-2431
mbedtls - An open source, portable, easy to use, readable and flexible SSL library
dirtycow-vdso - PoC for Dirty COW (CVE-2016-5195)
PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++
dumpdecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
shell-workshop - Materials from my Strange Loop 2014 workshop, Let's Build a Shell!
Mirai-Source-Code - Leaked Mirai Source Code for Research/IoC Development Purposes
Android_Kernel_CVE_POCs - A list of my CVE's with POCs
Hack-Night - Hack Night is an open weekly training session run by the ISIS lab.
littleblackbox - Database of private SSL/SSH keys for embedded devices
public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
pcileech - Direct Memory Access (DMA) Attack Software
iodine - Official git repo for iodine dns tunnel
reptyr - Reparent a running program to a new terminal
winafl - A fork of AFL for fuzzing Windows binaries
UACME - Defeating Windows User Account Control
research-rootkit - LibZeroEvil & the Research Rootkit project.
sudo - The Proof of Concept of vulnerabilities of Sudo session handling
fuzzgoat - A vulnerable, backdoored C program for testing fuzzers.
haka - Haka runtime
ccache - ccache - a fast compiler cache
radare2 - unix-like reverse engineering framework and commandline tools
wdpassport-utils - Code and information on how to unlock a WD My Passport drive in Linux.
ida-efiutils - Some scripts for IDA Pro to assist with reverse engineering EFI binaries
bgrep - Binary Grep
massdns - A high-performance DNS stub resolver for bulk lookups in C
parasite - Linux Runtime Process Injection Tool
zmap - ZMap Internet Scanner
netdata - Get control of your servers. Simple. Effective. Awesome. https://my-netdata.io/
linux - Linux kernel source tree
zmap - ZMap Internet Scanner
Exploitation - Windows Software Exploitation
dump1090_sdrplus - Dump1090_sdrplus is a Mode S decoder for Software Defined Radio (SDR) devices including RTL SDR, HackRF, Airspy and SDRplay.
8cc - A Small C Compiler
HubCap - ChromeCast HubCap exploit
exploit-database - The official Exploit Database repository
stfusip - System Integrity Protection (SIP) bypass for OSX 10.11.1 - 10.11.2 - 10.11.3
portapack-havoc - Custom firmware for the HackRF SDR + PortaPack H1 addon
libdeep-python - A python interface for the libdeep deep learning library
libdeep - A deep learning library for C/C++
CDIR-A - CDIR Analyzer - parser for data collected by CDIR Collector
KaniVola - Volatility GUI
oleviewdotnet - A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container
Potato - Windows privilege escalation through NTLM Relay and NBNS Spoofing
scallion - GPU-based Onion Hash generator
CScriptShell - CScriptShell, a Powershell Host running within cscript.exe
gray_hat_csharp_code - This repository contains full code examples from the book Gray Hat C#
QuasarRAT - Remote Administration Tool for Windows
DevAudit - Open-source, cross-platform, multi-purpose security auditing tool
dnSpy - .NET assembly editor, decompiler, and debugger
KeeThief - Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.
PSAttack - A portable console aimed at making pentesting with PowerShell a little easier.
Windows-Hacks - Creative and unusual things that can be done with the Windows API.
lazykatz - Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software.
PowerShell - PowerShell for every system!
Potato -
globalmousekeyhook - This library allows you to tap keyboard and mouse, detect and record their activity even when an application is inactive and runs in background.
netserializer - Fast(est?) .Net Serializer
xRAT - Remote Administration Tool for Windows
cameradar - Cameradar hacks its way into RTSP CCTV cameras
ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 shellcode for windows platforms.
exploits -
TinyNuke - zeus-style banking trojan
VM_CrackMe_1 - Simple and old virtual machine
anti-import - Simple way to hide win32 import
UniversalInject - Windows IME-based DLL injection. Able to inject a DLL without OpenProcess or a process handle being necessary.
certificate-transparency - Auditing for TLS certificates.
keepassx - KeePassX is a cross platform port of the windows application “Keepass Password Safe”.
git-crypt - Transparent file encryption in git
AdvancedMemoryChallenges - Advanced buffer overflow and memory corruption security challenges
dnscat2 -
Botnet - Botnet
process_replacement - Run one process as another under Windows
homesecurity - VISTA ICM replacement: Arduino firmware for Honeywell / Ademco Vista series security panels
drammer - Native binary for testing Android phones for the Rowhammer bug
johnny - The GUI frontend to the John the Ripper password cracker
netview - Netview enumerates systems using WinAPI calls
arybo - Manipulation, canonicalization and identification of mixed boolean-arithmetic symbolic expressions
apkstudio - Cross-platform Qt5 based IDE for reverse-engineering android applications.
slowhttptest - Application Layer DoS attack simulator
ansvif - A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Agafi - A gadget finder and a ROP-Chainer tool for x86 platforms
dllinjector - dll injection tool that implements various methods
rewolf-pcausa-exploit - PCAUSA Rawether for Windows Local Privilege Escalation
libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
iaito - A Qt and C++ GUI for radare2 reverse engineering framework
ddos-toolbox - DoS-Switchblade is a single tool that is a collection of testing tools for DoS
APIthet - An Application to security test RESTful web APIs.
androswat - tool to inspect, dump, modify, search and inject libraries into Android processes.
yontma - You'll never take me alive.
shadowd - The Shadow Daemon web application firewall server
I-know-where-your-page-lives - I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016
ricochet - Anonymous peer-to-peer instant messaging
PJON - Digital communication protocol and framework for IOT. Compatible with Arduino, ESP8266, Teensy and Raspberry Pi.
rethinkdb - The open-source database for the realtime web.
rgat - An instruction trace visualisation tool for dynamic program analysis
Autoware - Open-source software for urban autonomous driving.
sslsniff - A tool for automated MITM attacks on SSL connections.
electron - Build cross platform desktop apps with JavaScript, HTML, and CSS
fcd - An optimizing decompiler
arduino-menusystem - Arduino library for implementing a menu system
cocos2d-x - Cocos2d-x is a suite of open-source, cross-platform, game-development tools used by millions of developers all over the world.
reconvillage - Repo for reconvillage.org website.
empire-web - PowerShell Empire Web Interface
NinjaLinux - Do you desire to be free? Do you desire to be invincible... now you can, introducing, NinjaLinux -- Scripts for pentesting.
hiddenillusion.github.io - Repo for https://hiddenillusion.github.io
l4ser.github.io - fuffateam
littleosbook.github.com - The HTML version of the book
secure-mobile-development - A Collection of Secure Mobile Development Best Practices
Public - A collection of all my publicly released material.
rednaga.github.io - Spicy Security Blog
hashview - A web front-end for password cracking and analytics
sharepass - A safe way to quickly share passwords when traditional encryption methods are unavailable.
Flatabulous - This is a Flat theme for Ubuntu and other Gnome based Linux Systems.
s4n7h0.github.io - Things I blog at devilslab.in
google-image-layout - A library help you to build Google like Image Gallery
You-Dont-Need-JavaScript - CSS is powerful, you can do a lot of things without JS.
hackathon-starter - A boilerplate for Node.js web applications
tutorials - A repository for the tutorial articles I am writing
gethead - HTTP Header Analysis Vulnerability Tool
dnschain - A blockchain-based DNS + HTTP server that fixes HTTPS security, and more!
BBB-Wifi-Radio - Internet Radio based on the Beaglebone Black platform
glugger - The fastest (and least featureful) DNS bruteforcer in the South
mkonion - A simple way to create a Tor onion service for existing Docker containers.
test_DHparams - test your Diffie-Hellman parameters for safe primes and right sizes
fzf - 🌸 A command-line fuzzy finder written in Go
cryptopals - Solutions to the Matasano Cryptopals challenges
extract-web-domains - Tool to extract domains/IP's from files
DBShield - Database firewall written in Go
tcpovericmp - TCP implementation over ICMP protocol to bypass firewalls
pen-utils - Trivial unixey pentest utilities
direnv - Unclutter your .profile
certspotter - Certificate Transparency Log Monitor
Go-SCP - Go programming language secure coding practices guide
alertmanager2es - Receives HTTP webhook notifications from AlertManager and inserts them into an Elasticsearch index for searching and analysis
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
drone-burp - Parses a burp XML file into a lair project
autovpn - Easily connect to a VPN in a country of your choice.
dnsbrute - a fast domain brute tool
wuzz - Interactive cli tool for HTTP inspection
dns-reverse-proxy - DNS Reverse Proxy
BitBender - BitBender is a byte manipulation tool
HERCULES - HERCULES is a special payload generator that can bypass antivirus software.
EGESPLOIT - EGESPLOIT is a golang library for malware development
gobuster - Directory/file & DNS busting tool written in Go
cilium - Linux Native, HTTP Aware Networking and Security for Containers
usblockout - USBLockout monitors your user session and triggers Grsecurity Deny New USB feature.
oauth2_proxy - A reverse proxy that provides authentication with Google, Github or other provider
gotty - Share your terminal as a web application
find - High-precision indoor positioning framework for most wifi-enabled devices.
caddy - Fast, cross-platform HTTP/2 web server with automatic HTTPS
AuthTables - AuthTables is a microservice that helps detect "Account Take Over" caused by simple credential theft. If bad actors are stealing your users passwords, AuthTables may be useful.
ssh-chat - Chat over SSH.
cadvisor - Analyzes resource usage and performance characteristics of running containers.
batten - Hardening and Auditing Tool For Docker Hosts & Containers
habitus - A Build Flow Tool for Docker
seekret - Go library and command line to seek for secrets on various sources.
onionscan - OnionScan is a free and open source tool for investigating the Dark Web.
vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
Security_Ninjas_AppSec_Training - OpenDNS application security training program
network-examples - Linux networking examples and tutorials
html-form-send-email-via-google-script-without-server - 📧 An Example of using an HTML form (e.g: "Contact Us" on a website) to send Email without a Backend Server (using a Google Script)
AdminLTE - AdminLTE - Free Premium Admin control Panel Theme Based On Bootstrap 3.x
post-exploitation-wiki - Post Exploitation Wiki
Hack-Magazines - Collection of hacking magazines.
OSINT_Team_Links - Links for the OSINT Slack Team
python-pentesting - python-pentesting-tool
TwitGeoSpa - Geospatial analysis and simulation using Twitter data
RawSec - Static website hosted by GitHub Pages
DIY-Cybersecurity-For-Domestic-Violence - Abuse adapts to technology. You deserve privacy and compassion.
resources - Links and resources.
opsec-notes - OPSEC related notes from various sources
dockers - Uber tiny Docker images for all the things.
lorg - Apache Logfile Security Analyzer
mitigation-bounty - Later
Secure-Host-Baseline - Configuration guidance and files in support of the DoD Windows 10 Secure Host Baseline. iadgov
metasploitable3 - Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
engine - Droidefense: Advance Android Malware Analysis Framework
pwnwiki.github.io - PwnWiki - The notes section of the pentesters mind.
CyberPrep - Prep scripts and stuff for various bits and pieces
artkond.github.io - Security Notes
XSSJacking - Abusing Self-XSS and Clickjacking to trigger XSS
badssl.com - 🔒 Memorable site for testing clients against bad SSL configs.
null-puliya-markdown-automation - Automating Documentation, Presentation, Knowledge base using Markdown (Zero to Hero)
windowHijacking - A demo of altering an opened tab after a timer
portier.github.io - Website for Portier, an email-based, passwordless authentication that you can host yourself.
Hacking-Tools-Repository - A list of security/hacking tools that have been collected from the internet. Suggestions are welcomed.
devtools-detect - Detect if DevTools is open and its orientation
socialmedia-leak - A demo of cross origin login detection for most major web platforms
lunchbox - Demonstrate the use of Ansible best practices in a workshop
encrypted-media - Encrypted Media Extensions -- https://w3c.github.io/encrypted-media/
vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
awsm.css - Simple CSS library for semantic HTML markup
Excess-XSS - A comprehensive tutorial on cross-site scripting
warberry - WarBerryPi - Tactical Exploitation
Pastejacking - A demo of overriding what's in a person's clipboard
GoogleScraper - A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, Baidu and others) by using proxies (socks4/5, http proxy) and with many different IP's, including asynchronous networking support (very fast).
gophish - Open-Source Phishing Toolkit
DVRF - The Damn Vulnerable Router Firmware Project
VulnDom - Bunch of Dom Based XSS scenarios
fbctf - Platform to host Capture the Flag competitions
Airachnid-Burp-Extension - A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
UltimateAndroidReference - 🚀 Ultimate Android Reference - Your Road to Become a Better Android Developer
Twitter-Follow-Exploit - Automated Twitter mass account creation and follow using Selenium and Tor VPN
jakstab - The Jakstab static analysis platform for binaries
challenges - Some of the challenges I wrote
AndroRW - PoC Ransomware for android
Luyten - An Open Source Java Decompiler Gui for Procyon
burplist -
burp-suite-error-message-checks - Burp Suite extension to passively scan for applications revealing server error messages
wifi-bruteforcer-fsecurify - Android application to brute force WiFi passwords without requiring a rooted device.
jpexs-decompiler - JPEXS Free Flash Decompiler
android-crackme-challenge - A collection of reverse engineering challenges for learning about the Android operating system and mobile security.
diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
SecurityShepherd - Web and mobile application security training platform
rootbeer - Simple to use root checking Android library and sample app
binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
OWASP-WebScarab - OWASP WebScarab
jsql-injection - jSQL Injection is a Java application for automatic SQL database injection.
Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
DexHook - DexHook is a xposed module for capturing dynamically loaded dex files.
bifuz - Broadcast Intent FUZzing Framework for Android
WS-Attacker - WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http://nds.rub.de/ ) and the Hackmanit GmbH (http://hackmanit.de/).
swurg - Parses Swagger files into the BurpSuite for automating RESTful API testing – approved by Burp for inclusion in their official BApp Store.
drozer-agent - The Android Agent for the Mercury Security Assessment Framework.
PortAuthority - A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.
graylog-plugin-threatintel - Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases
MoneyX - MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.
Android-SSL-TrustKiller - Bypass SSL certificate pinning for most applications
flip-tables - Because pretty-printing text tables in Java should be easy.
zaproxy - The OWASP ZAP core project
burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
Burp-Extensions - Central Repo for Burp extensions
jmxploit - A tool to analyse JMX API security level.
wycheproof - Project Wycheproof tests crypto libraries against known attacks.
TLS-Attacker - TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/) and the Hackmanit GmbH (http://hackmanit.de/).
waffle - Enable drop-in Windows Single Sign On for popular Java web servers.
openhab1-addons - Add-ons for openHAB 1.x
Halcyon - First IDE for Nmap Script (NSE) Development.
cerealbox - Arduino-based network monitor
apkinspector - APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
find-sec-bugs - The FindBugs plugin for security audits of Java web applications and Android applications. (Also works with Scala projects)
android-scripts - Collection of Android reverse engineering scripts
JAADAS - Joint Advanced Defect assEsment for android applications
afwall - AFWall+ (Android Firewall +) - iptables based firewall for Android
cortana-scripts - A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
DeepLearning - Deep Learning (Python, C, C++, Java, Scala, Go)
pwgen-for-bios - Password generator for BIOS
AllTheThings - Includes 5 Known Application Whitelisting/ Application Control Bypass Techniques in One File.
prepack - Prepack is a partial evaluator for JavaScript. Prepack rewrites a JavaScript bundle, resulting in JavaScript code that executes more efficiently.
HackVault - A container repository for my defensive/offensive hacks!
nothing-private - Using private browsing or incognito, do you think you are safe? 😄 👿 This will prove you wrong.
Minions - Collaborative Distributed Scanning Application (Uses modified DNmap on backend)
Mocky - Generate custom HTTP responses, the simpler way to test your Web Services
Shellcode-Via-HTA - How To Execute Shellcode via HTA
Splunk-Web-Shell - Splunk Web Shell
splunk_app_sec_orchestration - Splunk App for Security Orchestration
Cryptii - Web application where you can convert, encode and decode content between different format systems
bettertls - BetterTLS: A Name Constraints test suite for HTTPS clients.
tcp-over-websockets - Tunnel TCP through WebSockets.
VSVBP - Black box tool for Vulnerability detection in web applications
noVNC - VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support.
https-everywhere - A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
privacybadger - Privacy Badger - Block third party tracking in your browser! By EFF
community-scripts - A collection of ZAP scripts provided by the community - pull requests very welcome!
keeweb - Free cross-platform password manager compatible with KeePass
docker-intro - Presentation: Intro to Docker
evercookie - evercookie is a javascript API that produces extremely persistent, respawning cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
goof - Super vulnerable todo list application
gdbgui - A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.
RegEx-DoS - 👮 👊 RegEx Denial of Service (ReDos) Scanner
box-js - A tool for studying JavaScript malware.
beef - The Browser Exploitation Framework Project
AtEar - Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration
appmon - Documentation:
evilredis - Script for doing evil stuff to Redis servers (for education purposes only).
juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
faraday - Collaborative Penetration Test and Vulnerability Management Platform
intrigue-core - Discover your attack surface!
king-phisher-templates - Templates for the King Phisher open source phishing campaign toolkit.
ttystudio - A terminal-to-gif recorder minus the headaches.
CTOSecurityChecklist - The SaaS CTO Security Checklist
mermaid - Generation of diagram and flowchart from text in a similar manner as markdown
How-to-Understand-Sockets-Using-IoT - 🙉 A repo to show how to use Sockets with IoT devices
raneto-docker - Docker container for Markdown based Raneto Knowledgebase
accelerating-your-security-learning-in-2017-null-Bangalore-Jan2017 - A talk+workshop on Accelerating Your Security Learning in 2017 given at null Bangalore 2017
xssHunterExtension - Chrome Extension for XSS Hunter Payloads
diff-gui - GUI for Frida -Scripts
standard-readme - Standard Readme Style
52-technologies-in-2016 - Let's learn a new technology every week. A new technology blog every Sunday in 2016.
messenger-bot-witai-tutorial - Jack up your chat bot using Wit.ai in 30 minutes!
meanstacktutorial - MEAN Stack RESTful API Tutorial - Contact List App
serverless-iot-analytics - Serverless processing of sensor data using AWS IoT, Amazon Kinesis and AWS Lambda to display the result graphically on a static web page.
poisontap - Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
AlgorithmVisualizer - Algorithm Visualizer
kitematic - Visual Docker Container Management on Mac & Windows
hacker-scripts - Based on a true story
vagrant-manager - Vagrant Manager is an electron, status bar menu app that lets you manage all of your vagrant machines from one central location.
contained.af - A stupid game for learning about containers, capabilities, and syscalls.
patchwork - A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB).
linx-server - Self-hosted file/code/media sharing website
js-stack-from-scratch - 🛠️⚡ Step-by-step tutorial to build a modern JavaScript stack.
serverless-stories-lambda - Serverless app built with AWS Lambda
OSINT-Framework - OSINT Framework
vagrant-lists.github.io - Listing eco-system around Vagrant
mean - MEAN (Mongo, Express, Angular, Node) - A Simple, Scalable and Easy starting point for full stack javascript web development - utilizing many of the best practices we've found on the way
ubercookie - Browser Fingerprinting via getClientRects and AudioContext
wordpress-automation - Automate development of WordPress projects.
docker-swarm-visualizer - A visualizer for Docker Swarm Mode using the Docker Remote API, Node.JS, and D3
asciinema2gif - Generate animated GIFs from asciinema terminal recordings
pewpew - ⭐ ⭐ ⭐ Build your own IP Attack Maps with SOUND!
xss-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site - for my personal Educational purposes only
raptor - Web-based Source Code Vulnerability Scanner
scans - AWS security scanning checks
mapster - Live events map as a Kibana plugin
datacenter-sensor - Sensors for the datacenter to protect against intruders and high temperatures
sleepy-puppy - Sleepy Puppy XSS Payload Management Framework
vsaq - VSAQ is an interactive questionnaire application to assess the security programs of third parties.
OS.js - JavaScript Cloud/Web Desktop Platform
tips - Most commonly used git tips and tricks.
xsshunter - The XSS Hunter service - a portable version of XSSHunter.com
GAEStarterKit - Google App Engine Starter Kit
awesome-selfhosted - This is a list of Free Software network services and web applications which can be hosted locally. Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers.
resume.github.com - Resumes generated using GitHub information
manual_verification - Most of the time during a pentest / vulnerability assessment you need to verify a finding before marking it as confirmed or false positive. This repository will try to put in sample code snippets / commands that can be used to perform that.
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
Java - Java related code
wp-calypso - The new JavaScript- and API-powered WordPress.com
node-mysql2 - ⚡ fast node-mysql compatible mysql driver for node.js
nodejs-mysql-native - Native mysql async client for node.js
particle-cli - Command Line Interface for Particle Cloud and devices
Web - HTML, CSS, Javascript, jQuery...etc
jsascii - JavaScript Image ASCIIfier
ascii-camera - Real-time ASCII representation of your webcam video stream
100days - 100 days of algorithms
BroThon - Bro + Python = BroThon! Processing and analysis of Bro IDS data with Python.
caffe2 - Caffe2 is a lightweight, modular, and scalable deep learning framework.
nmapii - Automated script for NMAP Scanner with some custom .nse scripts :) for lazy geeks :V
kali-nethunter - The Kali NetHunter Project
Nmap-Tools - SpiderLabs shared Nmap Tools
vulscan - Advanced vulnerability scanning with Nmap NSE
mastering-nmap - Mastering Nmap course code files
shodan-hq-nse - Shodan HQ nmap plugin - passively scan targets
linux-native-backdoors - Repository holding all alternatives of *nix backdoors.
hostapd-wpe - Modified hostapd to facilitate AP impersonation attacks
reverse-engineering-for-beginners - translate project of Drops
dcos-docker - Run DC/OS in Docker containers
awesome-web-scraping - List of libraries, tools and APIs for web scraping and data processing. The project is moved to http://opendir.io
FLEX - An in-app debugging and exploration tool for iOS
LinkLiar - 🔗 Link-Layer MAC spoofing GUI for macOS
knowledge-map - 🌍 Interactive Mind Map for learning anything
awesome-indie - Resources for independent developers to make money
awesome-cybersecurity - Curated list of awesome cybersecurity companies and solutions.
CTF-pwn-tips - Here records some tips about pwn that I have learned.
linux-kernel-exploitation - A bunch of links related to Linux kernel fuzzing and exploitation
OSINT_OpenData - A collection of Open Data for the data freaks out there.
SmokingLinuxEveryDay - Smoking Linux Every Day!
hacking-reading-list - 📖 Information security reading materials
unfixed-security-bugs - A list of publicly known but unfixed security bugs
web-security-basics - Web security concepts
bots - ⚡ Tools for building bots
Publications - All related files and slides for past talks
APTnotes - Various public documents, whitepapers and articles about APT campaigns
BreachNotes - Various public documents, whitepapers, articles, data, and analysis about breaches
OASAM - OASAM is the acronym of Open Android Security Assessment Methodology and its purpose is to become a reference framework on Android application vulnerability assessments.
2hourscrypto - Learn basic crypto in 2 hours
Pentest -
ctf-wiki - Hacking techniques useful during CTFs
Checklists - Pentesting checklists for various engagements
good-read - Repository for study material including ebooks, URLs, web pages etc
SecurityTools - A repo for collecting and organizing security tools of various types. As new ones come out, they get added to the list.
cheat-sheet - Commandline cheat sheet
tools - 🔧 Tools of the trade
security-notes - 📓 Some security related notes
SSTIC-Annex - Slides and articles from sstic.org
Best-Penetration-Tools- - Best Penetration Tools
HackingTools - Exhaustive list of hacking tools
Automated-Malware-Analysis-List - My personal Automated Malware Analysis Sandboxes and Services
awesome-cve-poc - ✍️ A curated list of CVE PoCs.
lib - books
Training - DFIR Training Material
Enumeration - PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL.
CCF-VM - CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution to parsing collected data, making it easily searchable with built-in common searches, enable searching of single and multiple hosts simultaneously
bitcoin-papers - Personal ideas and inventions for Bitcoin
Social-Engineering-Payloads - Collection of generic social engineering payloads
RAT-via-Telegram - Removed according to regulations
clamav-fuzz - A fuzz job for ClamAV
toolset -
The-Smart-Activist-s-Guide-to-Security - How to Build an Activist Organization Scratch
OSCP_Repo - Repository for OSCP certification
WindowsMobileSecurity - Everything I've gathered on Windows Mobile Security
Pentesting-networks-with-Nmap - Documentation from the #humla workshop at @nullblr: https://null.co.in/events/305-bangalore-null-bangalore-humla-08-april-2017-pentesting-networks-with-nmap
ExploitDevelopment - Exploit development stuff
IRKnowledge - A curated list of tools for incident response
lowlevelprogramming-university - How to be low-level programmer
awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows.
Resource-List - GitHub Project Resource List
AIX-for-Penetration-Testers - A basic AIX enumeration guide for penetration testers/red teamers.
Ubuntu-Desktop-Malware-Vector-Demo - Demo for http://blog.mazinahmed.net/2017/04/using-ubuntu-desktop-as-malware-vector.html
Top10 - Official OWASP Top 10 Document Repository
awesome-ml-for-cybersecurity - Machine Learning for Cyber Security
osx-re-101 - A collection of resources for OSX/iOS reverse engineering.
awesome-osint - 😱 A curated list of amazingly awesome OSINT
Presentations - Presentation Archives for my OS X and iOS Related Research
penetration-testing-tools - Penetration Testing tools - one repo to clone them all... containing latest pen testing tools
Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
RuinMyHistory - Pollute your web history so it's worthless to buyers
awesome-web-security - 🐶 A curated list of Web Security materials and resources.
docs - some notes on CTFs.
mms - Modern Memory Safety in C/C++
docker-cheat-sheet - Docker Cheat Sheet
linux-insides - A little bit about a linux kernel
computer-science - 🎓 Path to a free self-taught education in Computer Science!
awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages
wiki.secmobi.com - SecMobi Wiki is a collection of mobile security resources.
Hephaestus - Open Source Office Malware Generation & Polymorphic Engine for Red Teams and QA testing
ThreatHunter-Playbook - A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
POSHSPY - POSHSPY backdoor code
bash-guide - A guide to learn bash
IRM - Incident Response Methodologies
security-101-for-saas-startups - security tips for startups
awesome-reversing - A curated list of awesome reversing resources
js-vuln-db - A collection of JavaScript engine CVEs with PoCs
advisories - public advisories about security vulnerabilities
papers - papers about known hardware, software, computer, network and other resources, including topics like hacking, security and programming.
Publications - Conference slides and White-papers
Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
SandboxingMalware - A malware sandboxed with gdb
androidre - Reverse engineering Android
disclosures - A place for disclosing things
training - Training materials crafted and publicly provided by Red Naga members
domxsswiki - Automatically exported from code.google.com/p/domxsswiki
linux-sysadmin-interview-questions - Collection of Linux Sysadmin/DevOps interview questions
python-pentest-tools - Python tools for penetration testers
wifiscanvisualizer - Wi-Fi Scan Visualizer by Pentester Academy
linset - Evil Twin Attack Bash script
RobotsDisallowed - A harvest of the Disallowed directories from the robots.txt files of the world's top websites.
Cheatsheets - Penetration Testing/Security Cheatsheets
security-cheatsheets - 🔒 A collection of cheatsheets for various infosec tools and topics.
security-cheatsheets - A collection of cheatsheets for various infosec tools and topics.
Androick -
ApplicationWhitelistBypassTechniques - A Catalog of Application Whitelisting Bypass Techniques
ctf-writeups - My writeups of various CTFs & security challenges
Presentations - Presentations and a little show off?
AggressorScripts - Aggressor scripts for use with Cobalt Strike 3.0+
Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
safeseven - SS7 Assessment Tool
disposable-email-domains - a list of disposable and temporary email address domains
vulnerabilities - Vulnerability Reports by Aleph Research
Blog_Backup - A repository with various tutorials on how to do things in Pentesting, setup environments and other things
linux-container-security-docs - A gitbook for doing a null Bangalore session on linux container security to discuss and teach namespaces, cgroups etc.
ansible-workshop - Ansible workshop - hopefully generic enough that others can use it
ThreatHunting - An informational repo about hunting for adversaries in your IT environment.
MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
free-tech-ebooks-from-packtpub - A collection of free ebooks from Packt Publishing [Regularly Updated]
References - A collection of interesting and to-be-read paper references.
security-onion - Linux distro for IDS, NSM, and Log Management
PlacesToPostYourStartup - Compiled list of links from "Ask HN: Where can I post my startup to get beta users?"
developer-roadmap - Roadmap to becoming a web developer in 2017
Become-A-Full-Stack-Web-Developer - Free resources for learning Full Stack Web Development
Cheat-Sheets - Cheat Sheets for Networking, and Programming.
post-mortems - A collection of postmortems. Pull requests welcome :-)
Technical-Interview-Megarepo - Study materials for SE/CS technical interviews
awesome-devenv - A curated list of awesome tools, resources and workflow tips making an awesome development environment.
Exploit-Challenges - A collection of vulnerable ARM binaries for practicing exploit development
Useful_Websites_For_Pentester - This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.
awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
articles - Various articles I've written
Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
Security_list - Great security list for fun and profit
awesome-electronics - A curated list of awesome resources for electronic engineers and hobbyists
Exploit-Exercises-Nebula - Exploit-Exercises Nebula complete walkthrough: an introduction to vulnerability analysis on Linux
papers-we-love - Papers from the computer science community to read and discuss.
DevOpsLinks-Is-Awesome - Curated & Must Read Content For DevOps, SysAdmins & Fullstack Developers.
reading-material - 📚 Stuff to read up
proxy-list - A curated list of free public proxy servers
NetworkHealthChecklist - A checklist of items to check, especially when inheriting a foreign network.
infosec_getting_started - A collection of resources/documentation/links/etc to help people learn about Infosec and break into the field.
awesome-no-login-web-apps - 🌟 Awesome (free) web apps that work without login
csirt-essential-reading - Reading List for CSIRT Team Members
awesome-browser-extensions-for-github - A collection of awesome browser extensions for GitHub.
awesome-iot - A curated list of awesome Internet of Things projects and resources.
awesome-interview-questions - A curated awesome list of lists of interview questions. Feel free to contribute! 🎓
itpol - Useful IT policies
what-happens-when - An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"
IPv6 - Playing with IPv6 for fun and profit
MEAN-Learning - 📋 A Complete Guide to MEAN Stack
onboarding - A list of resources we at flyeralarm use to get new developers up and running
awesome-test-automation - A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com
wit - Natural Language Interface for apps and devices
cs-video-courses - List of Computer Science courses with video lectures.
all-things-java - Collection of links on Java - tech talks/ sites/ advanced topics
alldaydevops-shua - This repository contains all the talk materials and ebook from the talk System Hardening Using Ansible given at All Day DevOps 2016 online conference
BlueHat2016 - Slides & Code BlueHat 2016
guides - Design and development guides
HeadlessBrowsers - A list of (almost) all headless web browsers in existence
Pentest-Bookmarks - Database of websites for penetration testing
ipfs - IPFS - The Permanent Web
awesome-paid-open-source - Collection of links around paid/sustainable open source development
art-of-readme - 💌 Learn the art of writing quality READMEs.
lemonade-stand - A handy guide to financial support for open source
awesome-raspberry-pi - curated list of projects with raspberry pi
zalando-howto-open-source - Open Source guidance from Zalando, Europe's largest online fashion platform
offensiveinterview - Interview questions to screen offensive (red team/pentest) candidates
open-source-ideas - 👐 Ever had a cool idea to an Open Source project but didn't have the time to implement yourself? Let someone else give it a try!
NorthKoreaDNSLeak - Snapshot of North Korea's DNS data taken from zone transfers.
coding-interview-university - A complete computer science study plan to become a software engineer.
Security-Data-Analysis - A series of labs that will help users apply various data science techniques to security related data.
SystemProgramming - UIUC Crowd-Sourced System Programming Book
awesome-remote-job - A curated list of awesome remote jobs and resources. Inspired by https://github.com/vinta/awesome-python
DeviceGuardBypassMitigationRules - A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses
docker-datasploit - Docker container for datasploit framework
awesome-devsecops - An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
api-guidelines - Microsoft REST API Guidelines
datasploit-ansible - Ansible Playbook for setting up Datasploit
wordpress_plugin_security_testing_cheat_sheet - WordPress Plugin Security Testing Cheat Sheet
HitCon-2016-Windows-10-x64-edge-0day-and-exploit - HitCon 2016 Windows 10 x64 edge 0day and exploit
dear-github - 📨 An open letter to GitHub from the maintainers of open source projects
Project-Ideas - A place to discuss potential projects for students of the ISIS Lab.
datasharing - The Leek group guide to data sharing
defcon24-infra-monitoring-workshop - Defcon24 Workshop Contents : Ninja Level Infrastructure Monitoring
potator - A Tor-based Decentralized Virtual Private Network Application
security-guide-for-developers - Security Guide for Developers (practical security notes for developers)
present - Reveal JS presentation with reveal-md using Docker
awesome-vagrant - A curated list of awesome Vagrant resources, plugins, tutorials and other nice things.
awesome-android - A curated list of awesome Android packages and resources.
awesome-sysadmin - A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.
awesome-cryptography - A curated list of cryptography resources and links.
posix-unix-standard - The POSIX / Single UNIX Specification, Version 4 | IEEE Std 1003.1, 2016 Edition
free-programming-books - 📚 Freely available programming books
fishfry - replaces fish history with a history tailored to pentesters for efficiency and newbie pentesters for learning. this is also useful for beginner linux users as i have included descriptions of the file structure and basic commands, also includes commands for several different distros.
Decrypted-Kernels - Decrypted iOS 10 Kernels
androidtamer-menu - Tamer Menu details.
osx-and-ios-security-awesome - OSX and iOS related security tools
android-security-awesome - A collection of android security related resources
awesome-windows-exploitation - A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom
awesome-web-hacking - A list of web application security
awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
awesome-pcaptools - A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors.
awesome-security - A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
awesome-malware-analysis - A curated list of awesome malware analysis tools and resources
awesome-iot-hacks - A Collection of Hacks in IoT Space so that we can address them (hopefully).
awesome-incident-response - A curated list of tools for incident response
awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
awesome-exploit-development - A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
tbhm - The Bug Hunters Methodology
awesome-tech-conferences - 📢 A curated list of upcoming technical conferences
awesome-awesome-awesome - A curated list of curated lists of awesome lists.
wincmdfu - Windows one line commands that make life easier, shortcuts and command line fu.
awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
sonar - Project Sonar
awesome-sec-talks - A collected list of awesome security talks
the-art-of-command-line - Master the command line, in one page
WebShells - A list of webshell vulnerability injection.
commix-testbed - A collection of web pages, vulnerable to command injection flaws.
password_lock - Wraps Bcrypt-SHA2 in Authenticated Encryption
crackingwebctfs - Repo of files and setup from the free session conducted on Cracking Web CTFs on 15th April 2017 Bangalore.
writeups - Collection of writeups
SocialHacking - NYU ITP Spring 2016
nosqlilab - A lab for playing with NoSQL Injection
collection - this includes useful or interesting things....
sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
rips - RIPS - A static source code analyser for vulnerabilities in PHP scripts
FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
PHP-backdoors - A collection of PHP backdoors. For educational or testing purposes only.
webshell - This is a webshell open source project
php-exploit-scripts - A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
webshellSample - webshell sample for WebShell Log Analysis
WebShell - WebShell Collect
php-webshells - Common php webshells. Do not host the file(s) on your server!
LDAP-credentials-collector-backdoor-generator - This script generates backdoor code which logs the username and password of a user who has passed HTTP basic auth using LDAP credentials.
Scanners-Box - [Project-Kob-6]The toolbox of open source scanners - a collection of open source scanners developed by security industry practitioners 👻
php-security-pitfalls - Code repository for Tutsplus course PHP Security Pitfalls
IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
sqlite-lab - This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Sn1per - Automated Pentest Recon Scanner
adfind - Admin Panel Finder
WackoPicko - WackoPicko is a vulnerable web application used to test web application vulnerability scanners.
xvwa - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
Local-file-disclosure-SQL-Injection-Lab - This is sample code to demonstrate how one can use SQL Injection vulnerability to download local file from server in specific condition. If you have any doubt, ping me at https://twitter.com/IndiShell1046 :)
Security - Repository of my Computer and Information Security work.
HackTheVote - Handouts, setup scripts, sources, and solutions for challenges from Hack The Vote
VulApps - Quickly set up various vulnerability environments
proxycheck_script - Proxy checking script
SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
PHP-v8js-CloudFlare-bypass - A CloudFlare bypass that makes use of the v8 javascript engine for PHP
awesome-appsec - A curated list of resources for learning about application security
dvws - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
phpservermon - PHP Server Monitor
PlugBot-Plug - The "bot" component of the PlugBot project
PlugBot-C2C - This is the Command & Control component of the PlugBot project
wifidog-auth - Repository for the PHP wifidog captive portal auth server
masscan-web-ui - MASSCAN Web UI
cgasm - We're insanely passionate about command line asm documentation in the cloud, and we're crushing it!
sandcat - An open-source, pentest and developer-oriented web browser, using the power of Lua
Remote-Access-Trojan - Windows Remote-Access-Trojan
lpe-arsenal - Local privilege escalation scripts and tools
AutomatedProfiler - Automated forensics written in PowerShell
dotfiles - My dotfiles. Buyer beware ;)
freeaudit - Packaging audit toolkit using vulners.com vulnerability database
EQGRP - Decrypted content of eqgrp-auction-file.tar.xz
O-Saft - O-Saft - OWASP SSL advanced forensic tool
twittermon - Twitter keywords monitoring tool
pastemon - pastebin.com Content Monitoring Tool
enum4linux - A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
ssl-cipher-suite-enum - PERL script to enumerate supported SSL cipher suites supported by network services (principally HTTPS).
nikto - Nikto web server scanner
Linux_Exploit_Suggester - Linux Exploit Suggester; based on operating system release number
ATSCAN - Advanced Search & Dork Mass Exploit - advanced scanner for mass vulnerability search and exploitation
rdp-sec-check - PERL script to enumerate security settings of an RDP Service (AKA Terminal Services)
dvcs-ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG...
shellcoder - Create shellcode from executable or assembly code
joomscan - OWASP Joomla Vulnerability Scanner Project
pentest-tools - Penetration testing scripts
exploit -
owasp-modsecurity-crs - OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
metasploit-vulnerability-emulator - Created by Jin Qian via the GitHub Connector
PowEnum - Executes common PowerSploit Powerview functionality then combines output into a spreadsheet.
RedTeamPowershellScripts - Powershell script that searches through the Windows event logs for specific user
Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator
Discovery - Discovery is a powerful PowerShell module that lets you probe the inner depths of the operating system.
application-restriction-bypasses - A set of compiled application restriction bypasses
ElevateKit - The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
LyncSniper - LyncSniper: A tool for penetration testing Skype for Business and Lync deployments
PSKernel-Primitives - Exploit primitives for PowerShell
PoshC2 - Powershell C2 Server and Implants
WMImplant - This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
Invoke-Obfuscation - PowerShell Obfuscator
Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
PIC_Bindshell - Position Independent Windows Shellcode Written in C
nishang - Nishang - PowerShell for penetration testing and offensive security.
NetRipper - NetRipper - Smart traffic sniffing for penetration testers
PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
Veil-Pillage - Veil-Pillage is a post-exploitation framework that integrates with Veil-Evasion.
SessionGopher-Arvanaghi - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
PowerMeta - PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
luckystrike - A PowerShell based utility for the creation of malicious Office macro documents.
Empire - Empire is a PowerShell and Python post-exploitation agent.
HostRecon - This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
MakeWindows10GreatAgain - Tweaks to make Windows 10 less annoying and more usable
PowerMemory - Exploit the credentials present in files and memory
bashbunny-payloads - Payloads for the Hak5 Bash Bunny
BrowserGather - Fileless web browser information extraction
PowerUpSQL - PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
BloodHound - Six Degrees of Domain Admin
DefCon24 - DefCon24
mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory.
fathomless - A collection of different programs for network red teaming.
PowerCat - A PowerShell TCP/IP swiss army knife.
pentesting-playground - Code for installing various security minded tools onto Vagrant powered virtual machines
LinkedinSpider - LinkedIn crawler that scrapes employees' LinkedIn information by company name
IDS-Evasion - Evading Snort Intrusion Detection System.
malwaresearch - A command line tool to find malwares on http://openmalware.org
VolDiff - VolDiff: Malware Memory Footprint Analysis based on Volatility
pykek - Kerberos Exploitation Kit
freedomfighting - A collection of scripts which may come in handy during your freedom fighting activities.
penetration - this is some pentest script based on python, just simple but useful, maybe it can help you do something else. just have a try
jackhammer - Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
WindowsExploits - Windows exploits, mostly precompiled.
PyBozoCrack - A silly & effective MD5 cracker in Python
msf-remote-console - A remote msfconsole written in Python 2.7 to connect to the msfrcpd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2.
Forensic-Tools - A collection of tools for forensic analysis
nsshell - A DNS connectback shell executed by strings in payloads.txt
freshonions-torscraper - Fresh Onions is an open source TOR spider / hidden service onion crawler hosted at zlal32teyptf4tvi.onion
pwnbin - Python Pastebin Webcrawler that returns list of public pastebins containing keywords
EmailHarvester - Email addresses harvester
inshack-2017 - Challenges for INShAck
pyekaboo - A proof-of-concept program that is able to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
python-sdk - Python library to use Koodous
RouterExploitScan - RouterExploit
CTF-Tools - Attack-Defend CTF Tools
spiderfoot - SpiderFoot, the open source footprinting and intelligence-gathering tool.
WhatsMyName - This repository has the unified data required to perform user enumeration on various websites. Content is in a JSON file and can easily be used in other projects.
CheckMyUsername - Python Library for Social Media and Other Service Username Availability Checker
Belati - The Traditional Swiss Army Knife for OSINT
python-security-bootcamp - Python Security Bootcamp aims at helping people with solving and automating challenges in security using python.
Mimir - OSINT Threat Intel Interface
lterm - lterm is a small script built to install a bash hook for full terminal logging.
Infoga - Infoga - Email Information Gathering
Some-PoC-oR-ExP - Collection or writing of PoCs and exploits for various vulnerabilities
pyvulhunter - python audit tool (audit, injection, inject)
bropy - Basic Anomaly IDS capabilities with Python and Bro
AIL-framework - AIL framework - Analysis Information Leak framework
jwtcat - JSON Web Token (JWT) cracker.
ipwhois - Retrieve and parse whois data for IPv4 and IPv6 addresses
Nettacker - Automated Penetration Testing Framework
DSSS - Damn Small SQLi Scanner
sploitego - Maltego Penetration Testing Transforms
awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
scripts - Scripts
splunk_shells - Weaponizing Splunk with reverse and bind shells.
malicious_file_maker - malicious file maker/sender to create and send malicious attachments to test your email filter/alerting
TC2017 - Anti-Honeypot Demo
manticore - Dynamic binary analysis tool
WPSeku - Simple Wordpress Security Scanner
ctf - Ctf solutions from p4 team
FindFrontableDomains - Search for potential frontable domains
usb-device-fuzzing - Some tools for testing USB devices
fuzzbunch_wrapper - Fuzzbunch Python-Wine wrapper
analyst-scripts - Scripts to analyze stuff
hacking-tools - tools which can be used by forensics experts and ethical hackers
system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
iker - IPSec testing tool
passive-dns-atlas - Passive DNS collection (and statistics) from RIPE Atlas Sensors
scripts - Scripts that I've written that others may find useful
WebAppSec - Web Application Security
expdevBadChars - Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.
write-ups - 📘 Writeups for different CTF challenges
BurpSmartBuster - A Burp Suite content discovery plugin that adds the smart into the Buster!
shootback - a reverse TCP tunnel that lets you access a target behind NAT or firewall
domain-scan - A standard pipeline for running open source scanning tools on domains to measure things like speed, accessibility, and HTTPS.
DFIRbus - DFIR automation tool based on REbus
CTF-Tools - My Personal Library for CTF's
Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable.
tap - The TrustedSec Attack Platform is a reliable method for droppers on an infrastructure in order to ensure established connections to an organization.
ctf101-systems-2016 - ctf101 systems security repository
linux-exploitation-course - A Course on Intermediate Level Linux Exploitation
pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
cinnapwn - CDDC Exploitation Framework
grapevine - Fuzzer for the Mac Kernel
post_pre - An example of smart assembly
ip2geo - Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses
burp-cph - Custom Parameter Handler extension for Burp Suite.
focuson - A tool to surface security issues in python code
SLARF - SQLite Artifact Recovery Framework (SLARF)
EvtxParser - Various Python scripts to parse Windows Evtx log files
EmbeddedForensics - Misc. Python scripts for conducting Embedded Forensics
RegHexDump - Registry Hex Dump
GitPass - Open Source Your Password (Mismanagement)!
CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v3.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious (Obfuscated) RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
libheap - python library to examine ptmalloc (the glibc userland heap implementation)
java_deserialization_exploits - A collection of Java Deserialization Exploits
BeRoot - Windows Privilege Escalation Tool
vault-tendril - A tool to manipulate secrets using Hashicorp's vault
ShodanHat - search for hosts info with shodan
exefilter - ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats and can remove active content (scripts, macros, etc) according to a configurable policy.
balbuzard - Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.
algorithms - Minimal examples of data structures and algorithms in Python
mass_triage_tools - Mass Triage Tools
nsrlfilter - Startup script for handling multiple whitelists/blacklists for nsrllookup daemons
CIS-ESP - The Center for Internet Security Enumeration and Scanning Program
metastamp - Extract metadata from files in directory
misc - Miscellaneous repository of scripts and tools
FalconGate - A smart gateway to stop hackers and Malware attacks
OpenDoor - OWASP WEB Directory Scanner
Needl - Take back your privacy. Lose yourself in the haystack.
the-endorser - LinkedIn OSINT tool to pluck out relationships between people via endorsements
blackmamba - Blackmamba is a new concurrent networking library for Python. Blackmamba was built from the ground up leveraging the power of epoll and coroutines.
pyshark - Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
TTSL - Tool to scrape LinkedIn
OWASP-ZSC - OWASP ZSC - Shellcode/Obfuscate Code Generator
nmap-converter - Python script for converting nmap reports into XLS
opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
mando.me - Web Command Injection Tool
powerstager - A payload stager using PowerShell
subuser - Run programs on linux with selectively restricted permissions.
games -
ctfs - Write ups
pwntools-write-ups - A collection of CTF write-ups all using pwntools
demos - Prototype Demo Code
doublepulsar-detection-script - A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
scripts - Random scripts
fuzzbunch - NSA finest tool
black.box - Plug-and-Play VPN router and unblocker
APK - apk: a wrapper over various commands used for Android APK manipulation
LiMEaide - A python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host.
Python-Hash-Cracker - Extremely Fast Python Hash Cracker.
shadowbrokers-exploits - Mirror of Shadowbrokers release from https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
EQGRP_Lost_in_Translation - Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
python-for-pentesters-webinar - Example Material for SecureState's 2016 Python for Pentesters Webinar
Insanity-Framework - Generate Payloads and Control Remote Machines. [Discontinued]
PoC - Various PoCs
pyrasite - Inject code into running Python processes
PloitKit - The Hacker's ToolBox
waybackpack - Download the entire Wayback Machine archive for a given URL.
clusterd - application server attack toolkit
shadowbroker - The Shadow Brokers "Lost In Translation" leak
WHP - Micro$oft Windows Hacking Pack
giant_backdoor - Windows login backdoor diagnostic tool
apiscout -
idastuff - IDA Pro/Hexrays plugins
miasm - Reverse engineering framework in Python
shellnoob - A shellcode writing toolkit
python-paddingoracle - A portable, padding oracle exploit API
virustotal - VirusTotal tools
dragon - Dragon Sandbox
viper - Binary analysis and management framework
detekt - Malware triaging tool
pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
tools - 7E Tools
emailSpam - An email spam bot written in Python, to send emails to specified addresses. Use with caution.
tweets_analyzer - Tweets metadata scraper & activity analyzer
hakkuframework - Hakku Framework penetration testing
sipvicious - SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems.
security-scripts - A collection of public offensive and defensive security related scripts for InfoSec students.
Garfield - An offensive attack framework for Distributed Layer of Modern Applications
zapy - Run Zed Attack Proxy from command-line
grr - GRR Rapid Response: remote live forensics for incident response
kickthemout - 💤 Kick devices off your network by performing an ARP Spoof attack.
macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.
XSSight - It is a script that can scan for XSS vulnerabilities and inject payloads. Visit our website for awesome hacking tutorials http://teamultimate.in/
gef - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers
CarHackerBookCode - A small repository of code and snippets for the Car Hacker's Manual
python-scraping - Code samples from the book Web Scraping with Python http://shop.oreilly.com/product/0636920034391.do
netscreen-shodan-scanner - A SHODAN/Censys + Paramiko scanner to check for backdoored Internet-facing Juniper ScreenOS devices
garfield - Wannabe distributed system scanner
reversemap - Analyse SQL injection attempts in web server logs
mac4n6 - Collection of forensics artifacts location for Mac OS X and iOS
AndroBugs_Framework - AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
pefile - pefile is a Python module to read and work with PE (Portable Executable) files
netattack - Python script to scan and attack wireless networks
punter - Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare
Vproxy - Forward HTTP/S Traffic To Proxy Instance
evilginx - Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
umap2 - Umap2 is the second revision of NCC Group's python based USB host security assessment tool.
Hodor - Hodor! Fuzzer..
ssh_user_enum - SSH User Enumeration Script in Python Using The Timing Attack
shocker - A tool to find and exploit servers vulnerable to Shellshock
python-libnmap - libnmap is a python library to run nmap scans, parse and diff scan results. It supports python 2.6 up to 3.4. It's wonderful.
fuzzyftp - The FTP fuzzer for Sulley and Peach.
burp2sulley - Converts burp's sitemap to sulley's fuzzing script
peach - Peach is a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them.
Pentesting-with-Python - Various penetration testing tools written in Python. Based mostly on ideas and implementations presented in 'Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers' by TJ O'Connor and 'Black Hat Python' by Justin Seitz.
isp-data-pollution - ISP Data Pollution to Protect Private Browsing History with Obfuscation
python_lnk_maker - Make Windows LNK file with python (pylnk)
yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
awesome-honeypots - an awesome list of honeypot resources
struts2_045_scan - Struts2-045 Scanner
sovereign - A set of Ansible playbooks to build and maintain your own private cloud: email, calendar, contacts, file sync, IRC bouncer, VPN, and more.
WordSteal - This script will create a POC that will steal NTLM hashes from a remote computer. Do not use this for illegal purposes. The author does not keep responsibility for any illegal action you do.
osintstalker - osintstalker
pyforensics - Collection of single use scripts I wrote for windows forensics
dnsrecon - DNS Enumeration Script
WPForce - Wordpress Attack Suite
interactive-coding-challenges - Huge update! Interactive Python coding interview challenges (algorithms and data structures). Includes Anki flashcards.
ds_store_exp - A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers
wfuzz - Web application fuzzer
bitdump - A tool to extract database data from a blind SQL injection vulnerability.
birp - Big Iron Recon & Pwnage
binwally - Binary and Directory tree comparison tool using Fuzzy Hashing
BDFProxy - Patch Binaries via MITM: BackdoorFactory + mitmProxy.
BBScan - A tiny Batch weB vulnerability Scanner
bbqsql - SQL Injection Exploitation Tool
BAMF - Botnet Analysis Modular Framework
backHack - backHack, a tool to perform Android app analysis by backing up and extracting apps, allowing you to analyze and modify file system contents for apps.
backfuzz - protocol fuzzing toolkit
backdoorme - powerful auto-backdooring utility
backcookie - Small backdoor using cookie.
metame - metame is a metamorphic code engine for arbitrary executables
PenBox - PenBox - A Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo
scapy-fakeap - Fake wireless Access Point (AP) implementation using Python and Scapy, intended for convenient testing of 802.11 protocols and implementations.
king-phisher - Phishing Campaign Toolkit
Matroschka - Python steganography tool to hide images or text in images
RecuperaBit - A tool for forensic file system reconstruction.
Fireaway - Next Generation Firewall Audit and Bypass Tool
dockerscan - Docker security analysis & hacking tools
Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
smod - MODBUS Penetration Testing Framework
choronzon - An evolutionary knowledge-based fuzzer
BruteXSS - BruteXSS - Cross-Site Scripting Bruteforcer
kerberom - Kerberom is a tool aimed to retrieve ARC4-HMAC'ed encrypted Tickets Granting Service (TGS) of accounts having a Service Principal Name (SPN) within an Active Directory
sulley - A pure-python fully automated and unattended fuzzing framework.
pshtt - Scan domains and return data based on HTTPS best practices
LHF - A modular recon tool for pentesting
sslyze - Fast and powerful SSL/TLS server scanning library.
wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
EmPyre - A post-exploitation OS X/Linux agent written in Python 2.7
ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
Clickjacking-Tester - A python script designed to check if the website is vulnerable to clickjacking and create a poc
AdflyUrlGrabber - A python script designed to grab the original url from an adfly url without opening it :D
AirCracker - Basic python script for detecting airdroid users in lan
Dr0p1t-Framework - A framework that creates a dropper that bypasses most AVs, some sandboxes and has some tricks ;)
Saddam - DDoS Amplification Tool
DPAT - Domain Password Audit Tool for Pentesters
theZoo - A repository of LIVE malwares for your own joy and pleasure
MFFA - Media Fuzzing Framework for Android
Malfunction - Malware Analysis Tool using Function Level Fuzzy Hashing
LL-Fuzzer - An automated NFC fuzzing framework for Android devices.
AndroFuzz - A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process
Just-Metadata - Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
utimaco - Tools for reverse engineering the Utimaco Firmware
shannonRE - Helpful scripts for various tasks performed during reverse engineering the Shannon Baseband with the goal to exploit the Samsung Galaxy S6
maltrieve - A tool to retrieve malware directly from the source for security researchers.
mehrai - docker based telnet honeypot
headerget - Get version headers from a list of websites
BlackHatPython - Black Hat Python Labs
Jetleak-Testing-Script - Script to test if a server is vulnerable to the JetLeak vulnerability
dnscan -
dumpmon - Information Dump Monitor
Security-Tools - General Security Tools Developed by AppSec Consulting
Pentest-Tools - Penetration Testing Tools Developed by AppSec Consulting.
truffleHog - Searches through git repositories for high entropy strings, digging deep into commit history
AutoBrowser - AutoBrowser Screenshot
gateway-finder - Tool to identify routers on the local LAN and paths to the Internet
sparta - Network Infrastructure Penetration Testing Tool
sqlmap - Automatic SQL injection and database takeover tool
egressbuster - Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.
hash_parser - This is a hash parser that will export a rc file compatible with Metasploit. This is useful when compromising a separate domain and want to see if any of the credentials work on another domain or other systems.
meterssh - MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned (meterpreter in this case) by the shellcode over SSH back to the attacker's machine. Then connecting with meterpreter's listener to localhost will communicate through the SSH proxy, to the victim through the SSH tunnel. All communications are relayed through the SSH tunnel and not through the network.
unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
crowbar - Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
zarp - Network Attack Tool
keimpx - Check for valid credentials across a network over SMB
SNMP-Brute - Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.
smbmap - SMBMap is a handy SMB enumeration tool
snitch - information gathering via dorks
subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
Veil-Catapult - Veil Catapult is no longer supported
Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
sparty - Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
MITMf - Framework for Man-In-The-Middle attacks
net-creds - Sniffs sensitive data from interface or pcap
Scripts - Useful Scripts
wifijammer - Continuously jam all wifi clients/routers
CMSmap -
WPA2-HalfHandshake-Crack - This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
nsearch - minimal script to help find scripts in the nse database
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
golismero - GoLismero - The Web Knife
autopwn - Specify targets and run sets of tools against them
scripts - Scripts created by MRG Effitas
ARTLAS - Apache Real Time Logs Analyzer System
ARPwner -
arpstraw - Arp spoof detection tool
ARMSCGen - ARM Shellcode Generator
apt2 - automated penetration toolkit
APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities
API-dnsdumpster.com - (Unofficial) Python API for https://dnsdumpster.com/
AntiRansom - Fighting against ransomware using honeypots
angrop -
angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab!
androwarn - Yet another static code analyzer for malicious Android applications
AndroidPINCrack - Bruteforce the Android Passcode given the hash and salt.
androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
amoco - yet another tool for analysing binaries
albatar - Albatar is a SQLi exploitation framework in Python
http-request-translator - HTTP Request Translator (hrt) translates raw HTTP requests to different scripts (bash, python, etc.)
nozzlr - Nozzlr is a bruteforce framework, truly modular and script-friendly
nullinux - SMB null session identification and enumeration tool
ptp - Pentester's Tools Parser (PTP) provides a unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.
infosec -
dnsbrute - DNS Sub-domain brute forcer, in Python + gevent
pydictor - A useful hacker dictionary builder for a brute-force attack
security-tools - Collection of small security tools created mostly in Python. CTFs, pentests and so on
CyberCrowl - CyberCrowl is a python Web path scanner tool
zap-cli - A simple tool for interacting with OWASP ZAP from the commandline.
FileSensor - Dynamic file detection tool based on crawler; a crawler-based dynamic sensitive file detection tool
killchain - A unified console to perform the "kill chain" stages of attacks
web2attack - Web hacking framework with tools, exploits by python
cansina - Web Content Discovery Tool
RSPET - RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
exploitpack - Exploit Pack - Open Source GPLv3 Project
V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
dirsearch - Web path scanner
mongoaudit - 🔥 A powerful MongoDB auditing and pentesting tool 🔥
mitmAP - 📡 A python program to create a fake AP and sniff data.
drozer - The Leading Security Assessment Framework for Android.
CrackMapExec - A swiss army knife for pentesting networks
jawfish - Tool for breaking into web applications.
NodeJsScan - NodeJsScan is a static security code scanner for Node.js applications.
aggroArgs - Bruteforce commandline buffer overflows and automated exploit generation, linux, aggressive arguments
ad-ldap-enum - An LDAP based Active Directory user and group enumeration tool
abcd - ActionScript ByteCode Disassembler
a2sv - Auto Scanning to SSL Vulnerability
AutOSINT - Tool to automate common OSINT tasks
wpsik - WPS scan and pwn tool
dtf - Android Device Testing Framework ("dtf")
ridenum - Rid_enum is a null session RID cycle attack for brute forcing domain controllers.
csrfpocmaker - A Simple & Handy tool.
Inspector - The Inspector tool is a privilege escalation helper (PoC), easy to deploy on a web server, this tool can list process running with root, check kernel version, check history file, get possible exploit ...
operative-framework - This is a framework based on fingerprint action, this tool is used to get information on a website or an enterprise target with multiple modules (Viadeo search, Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ...)
HaboMalHunter - HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
usb-canary - A Linux tool that uses pyudev to monitor devices while your computer is locked. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack of the potential security breach.
LaZagne - Credentials recovery project
mimipenguin - A tool to dump the login password from the current linux user
inquisitor - Opinionated tool for easily and accurately profiling the internet exposure of target organisations using OSINT sources
BlindElephant - Getting BlindElephant into a working state, and updating the plugin files
plecost - Plecost - Wordpress finger printer Tool
pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
useful -
flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
metasploitHelper - metasploitHelper
cribdrag - cribdrag - an interactive crib dragging tool for cryptanalysis on ciphertext generated with reused or predictable stream cipher keys
linuxprivchecker - linuxprivchecker.py -- a Linux Privilege Escalation Check Script
JeanGrey - A tool to perform differential fault analysis attacks (DFA).
wifite2 -
armpwn - Repository to train/learn memory corruption on the ARM platform.
Delorean - NTP Man-in-the-Middle tool
AuthMatrix - AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
SMTP-Injection-POC - Small POC to test SMTP command injection
dagda - a tool to perform static analysis of known vulnerabilities in docker images/containers and to monitor running docker containers for detecting anomalous activities
CSRFT - A lightweight CSRF Toolkit for easy Proof of concept
fame - FAME Automates Malware Evaluation
Deadpool - Repository of various public white-box cryptographic implementations and their practical attacks.
webapp-checklist - Technical details that a programmer of a web application should consider before making the site public.
XssPy - XssPy - Web Application XSS Scanner
break-fast-serial - A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
Nscan - Nscan: Fast internet-wide scanner
struts-pwn - An exploit for Apache Struts CVE-2017-5638
ReconScan - Network reconnaissance and vulnerability assessment tools.
Ebowla - Framework for Making Environmental Keyed Payloads
pwlist - Password lists obtained from strangers attempting to log in to my server.
changeme - A default credential scanner.
pbtk - A toolset for reverse engineering and fuzzing Protobuf-based apps
Jarvis - Personal Assistant for Linux
labs - Vulnerability Labs for security analysis
Veil - Veil 3.0
exploits -
whoishere.py - WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
ML-From-Scratch - Bare bones Python implementations of some of the fundamental Machine Learning models and algorithms.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
evilpass - Slightly evil password strength checker
Pytroj - A tool for infecting .pyc files with arbitrary code that spreads out to infect all other .pyc files
basicRAT - python remote access trojan
CTF - Flask platform for Capture The Flag challenges
picoCTF-Platform-2 - A genericized version of picoCTF 2014 that can be easily adapted to host CTF or programming competitions.
pURL - API testing tool written with Python
Cypher - Pythonic ransomware proof of concept.
ctf - My solutions of CTFs
carml - Command-line utility to control Tor.
hardentheworld - Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
tls13-spec - TLS 1.3 Specification
Wifi-Dumper - This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermore, it is useful while performing red team or internal infrastructure engagements.
voltron - A hacky debugger UI for hackers
awesome-iot - Awesome IoT. A collaborative list of great resources about IoT Framework, Library, OS, Platform
rpivot - socks4 reverse proxy for penetration testing
winsharecrawler - Python crawler for remote Windows shares
DHCP-Powner - DHCP Starvation Exploit
WASE - The Web Audit Search Engine - Index and Search HTTP Requests and Responses in Web Application Audits with ElasticSearch
HashTag - Password Hash Identification
SmeegeScrape - File/Web Text Scraper and Wordlist Generator
shellconv - Small tool for disassembling shellcode (using objdump)
malware_analysis - Various snippets created during malware analysis
Metaphor - Metaphor - Stagefright with ASLR bypass
pentestly - Python and Powershell internal penetration testing framework
gladius - Automated Responder/secretsdump.py cracking
boofuzz - A fork and successor of the Sulley Fuzzing Framework
BMW-i-Remote - A reverse engineered interface for the BMW i3 Electric Car
BlackHat_2015 - Distributing the REconstruction of High-Level IR for Large Scale Malware Analysis
android_fde_bruteforce - Scripts to bruteforce Android's Full Disk Encryption off the device
PytheM - Multi-purpose pentest framework
binwalk - Firmware Analysis Tool
pat - Customizable lazy exploit pattern utility.
bintut - Teach you a binary exploitation for great good.
BFuzzer - A Browser Fuzzer for Vulnerabilities
betabot-re - Beta Bot reverse engineering work
shiva - Spam Honeypot with Intelligent Virtual Analyzer
yapdns - YAPDNS
droidbot - A lightweight test input generator for Android
cuckooml - CuckooML: Machine Learning for Cuckoo Sandbox
beeswarm - Honeypot deployment made easy
snapchat-decrypt - Python script for decrypting stored images from Snapchat version 5.0.34.nn
Marvin-static-Analyzer - Marvin static analyzer is an Android application vulnerability scanner. The framework uses androguard and Static Android Analysis Framework (SAAF).
Marvin-dynamic-Analyzer - Dynamic android vulnerability scanner using OpenNebula and Android-x86 emulators.
barf-project - BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
needle - The iOS Security Testing Framework
iloot - OpenSource tool for iCloud backup extraction
phpkit - PHP Backdooring framework using include() and php://input to execute code.
pr0cks - python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target
django-th - Trigger Happy - take the control of your data with this bridge between your internet services
Gooey - Turn (almost) any Python command line program into a full GUI application with one line
fibratus - Tool for exploration and tracing of the Windows kernel
pyspider - A Powerful Spider(Web Crawler) System in Python.
you-get - ⏬ Dumb downloader that scrapes the web
cheat - cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember.
faker - Faker is a Python package that generates fake data for you.
django-rules - Awesome Django authorization, without the database
mqtt-bridges - Various bridges between MQTT and different hardware written in python for use with OpenHab
pytomation - Pytomation is an extensible device communication and automation system written in Python. Its uses include home automation and lighting control but is certainly not limited to that. It is supported on any platform that supports Python (Windows, Mac OS-X, Linux, etc.)
alldaydevops-aism - All Day DevOps - Automated Infrastructure Security Monitoring and Defence (ELK + AWS Lambda)
pocs - Proof-of-Concept scripts for various issues.
wharfee - A CLI with autocompletion and syntax highlighting for Docker commands.
fbctf17052014 - Some scripts I wrote for the Facebook CTF on May 17, 2014 in San Diego.
safety-db - A curated database of insecure Python packages
Sentiment-Analysis-Twitter - 🎓RESEARCH [NLP 💭] We use different feature sets and machine learning classifiers to determine the best combination for sentiment analysis of twitter.
HackSpy-Trojan-Exploit - This tool creates almost undetectable trojan virus to exploit windows machine.
flask-intro - Introduction to Flask showing much of the basic functionality. Plus, I built a task manager application called FlaskTaskr.
pat - Pentester Automation Tool
PyGithub - Typed interactions with the GitHub API v3
flask-security-admin-example - Example of combining Flask-Security and Flask-Admin
Bluto - DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking
python-nvd3 - Python Wrapper for NVD3 - It's time for beautiful charts
worm-ssh - Create a worm that bruteforces SSH and "infect" the system.
cowrie - Cowrie SSH/Telnet Honeypot
DSVW - Damn Small Vulnerable Web
openstack-ansible-security - Security Role for OpenStack-Ansible
EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
MonitorDarkly - Poc, Presentation of Monitor OSD Exploitation, and shenanigans of high quality.
creepy - A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.
pwntools - CTF framework and exploit development library
D-TECT - D-TECT - Pentesting the Modern Web
azure-linux-extensions - Linux Virtual Machine Extensions for Azure
lektor - The lektor static file content management system
social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
aws-waf-sample - Lambda script that blocks IP addresses based on the number of requests.
aws-config-rules - [Node, Python, Java] Repository of sample Custom Rules for AWS Config.
spike - A cool web interface to manage rules for naxsi
foghorn - The foghorn project is a DNS proxy intended to reduce user exposure to phishing and other malicious items that can be interdicted by DNS greylisting
tplmap - Code and Server-Side Template Injection Detection and Exploitation Tool
TekDefense-Automater - Automater - IP URL and MD5 OSINT Analysis
spoofcheck - Simple script that checks a domain for email protections
SimpleEmailSpoofer - A simple Python CLI to spoof emails.
CANToolz - CANToolz - framework for black-box CAN network analysis
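huatian-funny - Scientifically analyze your own views on choosing a partner
pyauto - Examples and case-study source code from the book "Python Automated Operations: Techniques and Best Practices"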
Diffie-Hellman_Backdoor - How to backdoor Diffie-Hellman
bwscanner - Bandwidth authority scanner
anonBrowser - Anonymous python based browser
weevely3 - Weaponized web shell
malspider - Malspider is a web spidering framework that detects characteristics of web compromises.
Effective-Python-Penetration-Testing - Effective Python Penetration Testing by Packt Publishing
plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
explainshell - match command-line arguments to their help text
kivy - Open source UI framework written in Python, running on Windows, Linux, macOS, Android and iOS
pyJoiner - pyJoiner - Exe Joiner (Kali Linux Version)
datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
droid-ff - Android File Fuzzing Framework
wifi - [unmaintained] WiFi tools for linux
LANs.py - Inject code, jam wifi, and spy on wifi users
python-markdown-oembed - Markdown extension to allow media embedding using the oEmbed standard.
mkdocs - Project documentation with Markdown.
Pazuzu - Pazuzu: Reflective DLL to run binaries from memory
the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode
github_cloner - Clone github repositories of a user / organization
waldo -
wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients
AutoLocalPrivilegeEscalation - An automated script that downloads potential exploits for the Linux kernel from exploitdb and compiles them automatically
ranger - A tool for security professionals to access and interact with remote Microsoft Windows based systems.
GitMiner - Tool for advanced mining for content on Github
Mobile-Security-Framework-MobSF - Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
zmqc - netcat for ØMQ. Small but powerful.
scripts - Scripts I use during pentest engagements.
script-collection - Collection of my scripts ranging from bash or python or shell. Readme will contain list of which script does what.
crawler - Web Scraping Framework
grab - Web Scraping Framework
pymiproxy - A small and sweet man-in-the-middle proxy capable of doing HTTP and HTTP over SSL.
pymetasploit - A full-fledged msfrpc library for Metasploit framework.
Winpayloads - Undetectable Windows Payload Generation
maybe - 📂 🐇 🎩 See what a program does before deciding whether you really want it to happen.
AutoNessus - This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list all policies, start, stop, pause, and resume a scan.
w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
Routerhunter-2.0 - Testing vulnerabilities in devices and routers connected to the Internet.
whatportis - A command to search port names and numbers
thefuck - Magnificent app which corrects your previous console command.
poet - Post-exploitation tool
exploitpack - Exploit Pack - One step ahead
pacemaker - Heartbleed (CVE-2014-0160) client exploit
Windows-Exploit-Suggester - This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory
CMS-Exploit-Framework - CMS Exploit Framework
getExploit - 💣 Download exploits from exploit-db.com
exploits - Some exploits and exploit development stuff.
exploits - Miscellaneous exploit code
RATDecoders - Python Decoders for Common Remote Access Trojans
peda - PEDA - Python Exploit Development Assistance for GDB
Pompem - Find exploit tool
toriptables2 - Tor Iptables script is an anonymizer that sets up iptables and tor to route all services and traffic including DNS through the tor network.
PyCat - Python network tool, similar to Netcat with custom features.
Ares - Python botnet and backdoor
pyinstaller - Freeze (package) Python programs into stand-alone executables
uncurl - A library to convert curl requests to python-requests.
hashID - Software to identify the different types of hashes
github-dorks - Collection of github dorks and helper tool to automate the process of checking dorks
wordbrutepress - Wordpress Brute Force Multithreading with standard and xml-rpc login
get_prox - get proxies. nothing more, nothing less
pythonpentest - A repository for large scripts from my book.
crawler - a web crawler
deep-pink - Deep Pink is a chess AI that learns to play chess using deep learning.
neural-networks-and-deep-learning - Code samples for my book "Neural Networks and Deep Learning"
deeppy - Deep learning in Python
deepnet - Implementation of some deep learning algorithms.
DeepLearningTutorials - Deep Learning Tutorial notes and code. See the wiki for more info.
lulz2 - lulz2
lulz - lulz: automated webstalking tool
Scripts-Sploits - A number of scripts, POCs and problems solved as pentests move along.
MS17-010 - MS17-010 Windows SMB RCE -- exploits, payloads, and scanners
WhatWeb - Website Fingerprinter
squirtle - Squirtle the Browser-based NTLM Attack Toolkit
metasploitable3-readme - Rails app for Metasploitable3 information.
BreakingBricks - Some tools used in the Ruxcon / Kiwicon / SECT-T presentation "Breaking Bricks and Plumbing Pipes: Cisco ASA a Super Mario Adventure."
linux-baseline - DevSec Linux Baseline - InSpec Profile
ctf - some tasks/solutions from CTF challenges
watchtower - Watchtower is a Static Code Analysis tool designed to assist security auditors who are tasked with performing manual code reviews. It is platform- and language-agnostic.
cross - A tool for finding Cross Site Scripting vulnerabilities in web applications
brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
ssh_scan - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)
mastodon - A GNU Social-compatible microblogging server
rbkb - Ruby BlackBag. Misc ruby-based pen-testing/reversing tools. Inspired by Matasano BlackBag.
Meterpreter-Scripts - Meterpreter Scripts that I'm working on
Metasploit-Plugins - Plugins for Metasploit Framework
BinProxy - BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.
bettercap - A complete, modular, portable and easily extensible MITM framework.
Serpico - SimplE RePort wrIting and COllaboration tool
CeWL - CeWL is a Custom Word List Generator
vsaudit - VOIP Security Audit Framework
wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
wpsploit - WPSploit - Exploiting Wordpress With Metasploit
ruby-SSLscanner - A simple and easy to use SSL Cipher scanner
viproy-voipkit - VIPROY - VoIP Pen-Test Kit for Metasploit Framework
automato - automato should help with automating some of the user-focused enumeration tasks during an internal penetration test.
arachni - Web Application Security Scanner Framework
dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams
hoper - Security tool to trace URL's jumps across the rel links to obtain the last URL
yawast - The YAWAST Antecedent Web Application Security Toolkit
wpscan - WPScan is a black box WordPress vulnerability scanner.
owasp-mstg - The Mobile Security Testing Guide (MSTG) is the ultimate guide for mobile app security testing and reverse engineering.
searchpass - A simple tool for offline searching of default credentials for network devices, web applications and more.
rex-exploitation - Rex library for various exploitation helpers
win32-security - A Ruby interface for security aspects of MS Windows
HatCloud - Bypass CloudFlare with Ruby
scripts - A collection of useful scripts for penetration testers
Docker-War - Docker based Wargame Platform - To practice your CTF skills
cii-best-practices-badge - Core Infrastructure Initiative Best Practices Badge
commit-watcher - Find interesting and potentially hazardous commits in git projects
Kaffeine - Keeping free Heroku apps awake.
gitrob - Reconnaissance tool for GitHub organizations
droid-hunter - Android application vulnerability analysis and Android pentest tool
API-fuzzer - API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
frog - Frog is a command line tool to help you quickly jump to the right Android doc.
metasploit-framework - Metasploit Framework
ciphr - a CLI tool for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for infosec uses.
java - Chef Java Cookbook
bfg-repo-cleaner - Removes large or troublesome blobs like git-filter-branch does, but faster. And written in Scala
radamsa - a general-purpose fuzzer
nsd-dnssec - 🐳 Simple authoritative name server with DNSSEC support using Docker
oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software
hispagatos-enumeration - Bash script that runs most of the external enumeration with some logic
Packaging_Tools - This repository contains various shell scripts and tips and tricks used for packaging androidtamer packages
P4wnP1 - P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.
ipv6-workshop - IPv6 Workshop Slides and Exercise Files
Pentest-Scripts - Github for the scripts utilised during Penetration test
static-binaries - Various *nix tools built as statically-linked binaries
ansible-pentest-with-tor - Use Tor for anonymous scanning with nmap
docker-dvwa - Docker image for DVWA(Damn Vulnerable Web Application)
Ubuntu-Telemetry-Free-Privacy-Secure - Bash script which helps to remove telemetry and make the system more private and secure
lair-docker - Lair Framework dockerized.
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
autoenv - Directory-based environments.
vagrant_pwn - Reversing-Pwning Vagrant setup
mitm-vm - An easy-to-deploy virtual machine that can provide flexible man-in-the-middle capabilities.
git-secret - 👥 A bash-tool to store your private data inside a git repository.
shARP - An anti-ARP-spoofing application that uses an active scanning method to detect and remove any ARP-spoofer from the network.
Microsploit - Fast and easy create backdoor office exploitation using module metasploit packet, Microsoft Office, Open Office, Macro attack, Buffer Overflow
ansible-lxd - Ansible role to setup LXD, its bridge, pre-copy images and eventually pre-configure some
ansible-harden - harden system (linux, unix...)
RogueSploit - Powerful social engineering Wi-Fi trap!
dirtshell - Provide a sort of shell-ish interface to make file directory traversal quicker and easier.
cheat-sheets - Various Cheat Sheets related to development and security
FakeImageExploiter - Use a Fake image.jpg (hide known file extensions) to exploit targets
ctf-tools - Some setup scripts for security research tools.
Autosnort - Repo for autosnort scripts.
setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
algo - Set up a personal IPSEC VPN in the cloud
bootcamp - An open-contribution bootcamp to develop DevSecOps skills...
python-cookbook - Code samples from the "Python Cookbook, 3rd Edition", published by O'Reilly & Associates, May, 2013.
openssh-backdoor-kit - 💣 just for fun ¯_(ツ)_/¯
Nix-Auditor - Nix Audit made easier (RHEL, CentOS)
PoCs - Proof of Concepts for CVE-2016-3714
docker-ipv6 - Scripts and tools for Docker with IPv6 Prefix Delegation
BinGoo - BinGoo! A Linux bash based Bing and Google Dorking Tool
backdoorppt - transform your payload.exe into one fake word doc (.ppt)
lunar - A UNIX security auditing tool based on several security frameworks
testssl.sh - Testing TLS/SSL encryption anywhere on any port
DVCS-Pillage - Pillage web accessible GIT, HG and BZR repositories
Mass-Hacker-Arsenal - Massive arsenal of hacker tools...
CDMCS - Cyber Defence Monitoring Course Suite :: Suricata, Bro, Moloch
afl-trivia - Short, unrelated helper scripts for users of AFL (the fuzzer)
discover - For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
gitlist -
BruteX - Automatically brute force all services running on a target.
Airoscript - Airoscript-ng
PenTestKit - Useful tools for Penetration Testing
MIDA-Multitool - Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
pentest - ⛔ offsec batteries included
airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
docker-webappsecscanbox - Docker build file providing an Image exposing some web app scan in order to use the image as command line tools.
security_ctf - Security Capture The Flag (CTF) competition writeups and learning notes.
docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
pwnbox - Docker container with tools for binary reverse engineering and exploitation.
autovpn - Create On Demand OpenVPN Endpoints on AWS.
linpostexp - Linux post exploitation enumeration and exploit checking tools
python-for-system-administration - A workshop on using Python language for system administration
script-hack-github-commit-graph - Hack the Github commit graph: add previous dates or write a word on it!
docker_practice - Learn and understand Docker, with real DevOps practice!
wicked_cool_shell_scripts_2e - Full shell scripts for the second edition of Wicked Cool Shell Scripts
rpi-mitmproxy-gateway - Build an SSL capable transparent proxying WiFi Access point with budget commodity hardware and Open Source software.
pwndsh - Post-exploitation framework (and an interactive shell) developed in Bash shell scripting
OpenVPN-Setup - Shell script to set up Raspberry Pi (TM) as an OpenVPN server
ovpngen - Generate an OpenVPN Connect private tunnel profile in the unified format
backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
og-aws - 📙 Amazon Web Services — a practical guide
getting-started-with-public-cloud-iaas-null-blr-puliya - null Bangalore Puliya on Getting Started with Public Cloud IAAS (AWS/GCP/Azure)
dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
workshop -
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
docker-monitor - Scripts and configuration to help you monitor your Docker containers
docker-swarm-demo - A demo of Docker Swarm
vagrant-pentester - Vagrant / Puppet based vulnerable web application suite - needs updating
cheat-scripts - because you can't remember everything
INE-VIRL - INE VIRL Topologies & Initial Configs
blackarch - BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.
securityheaders - Bash script for checking HTTP headers for security
damneasygentoo - An SH script that installs gentoo from a live media, all from a user friendly GUI.
pentestpackage - a package of Pentest scripts I have made or commonly use
halcyon - System for installing Haskell apps
kwetza - Python script to inject existing Android applications with a Meterpreter payload.
Applied-Crypto-Hardening - Best Current Practices regarding secure online communication and configuration of services using cryptography.
os01 - Bootstrap yourself to write an OS from scratch. A book for self-learner.
gdb-cheatsheet - GDB cheatsheet for reversing binaries
r2-cheatsheet - Radare2 cheat-sheet
RE-for-beginners - "Reverse Engineering for Beginners" free book
programming-cheatsheets - Programming cheatsheets (Python, Bash, Haskell...)
MaliciousMacroGenerator - Malicious Macro Generator
COMRaider - ActiveX Fuzzing tool with GUI, object browser, system scanner, and distributed auditing capabilities
Crypter - Windows Crypter
ntstream -
winerr - A simple UI tool that enumerates Windows System Error Codes and allows you to search using a specific error code.
adbrute -
To the extent possible under law, Chan9390 has waived all copyright and related or neighboring rights to this work.