- 8dot3-brute is a script to brute force Windows 8.3 filenames and directories in web servers.
- Albatar is a SQLi exploitation framework in Python.
- A collection of AWS penetration testing junk.
- A BLE scanner for "smart" devices hacking based on the python bluepy library.
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker.
- A default credential scanner.
- Use nmap to scan hidden "onion" services on the Tor network.
- Python script to automate a number of recon, enumeration, testing and report generation steps against a given domain.
- A plugin based C2 server framework.
- Bruteforce DNS subdomains and URIs.
- GoFetch is a tool to automatically exercise an attack plan generated by BloodHound.
- Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.
- Nameserver DNS poisoning attacks made easy.
- A Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
- macOS keychain cracking tool.
- An intelligent password recovery tool.
- Just in case you need to scan 100,000.000/hr.
- Office Exploitation Tool.
- A tool to dump the login password from the current Linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz.
- PowerShell Runspace Post Exploitation Toolkit.
- A network sniffer that logs all DNS server replies for use in a passive DNS setup.
- This tool can be used to brute-force discover GET and POST parameters.
- PRinter Exploitation Toolkit.
- A portable console aimed at making pentesting with PowerShell a little easier.
- A powerful and useful hacker dictionary builder for a brute-force attack.
- An all in one tool for information gathering, SQL vuln scanning and crawling.
- An LLMNR, NBT-NS and mDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- Metasploit Framework for routers.
- A tool for interacting with/abusing Exchange Servers remotely.
- Python script used to search for (and download) exploits across Exploit-DB, Metasploit, Packetstorm and others. It has an autorun feature that sounds kinda not smart.
- SS7 MAP (pen-)testing toolkit built on the Osmocom SS7 stack.
- A legitimate website (browsable) that tunnels client/server communications for covert command execution.
- Code and Server-Side Template Injection Detection and Exploitation Tool.
- A PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine.
- A suite of WordPress attack tools.
WPFX: The WordPress Exploit Framework
- A simple WordPress security scanner.
- A collection of pre-compiled exploits for different versions of Windows.
- A BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library.
- A tool for the Cobalt Strike framework, designed to automatically parse and execute BloodHound attack paths.
- An extension to complement Burp's active scanner by finding unknown classes of injection vulnerabilities.
- Plugins for BloodHound.
- Vulnerability scanner based on vulners.com search API.
- Domain Admin with a push of a button.
- An improved decoder for Burp Suite.
[HUNT](https://github.com/bugcrowdlabs/HUNT)
- A Burp extension to identify common parameters vulnerable to certain vulnerability classes and organize testing methodologies inside Burp Suite.
- J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
- A simple Burp plugin that highlights the Proxy history to differentiate requests made by different browsers. Each browser is assigned one color and the highlighting happens automatically.
- Official Black Hat Arsenal Security Tools Repository.
- An essay and python program to help with email forensics.
- A technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence.
- A security auditing and hardening tool, for UNIX-based systems.
- by Chris Truncer.
- EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.
- A collection of all the lists, scripts and techniques that can be used while doing web application penetration tests.
- A tool for testing AWS EC2 / S3 / CloudTrail / CloudWatch / KMS security and recommending techniques to harden the instance.
- Decrypted initial dump of eqgrp-auction-file.tar.xz. Mostly outdated *nix exploits.
- The second dump, dealing with Fuzzbunch and some other Windows exploits.
- OSS pentesting management and automation by Salesforce.
- An Open Source Incident Management and Response Platform.
- A tool used for REST API pentesting.
- Intrigue-core is a framework for attack surface discovery.
- A tool that can scan for PHP vulnerabilities automatically using static analysis methods.
- Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results. Made by Netflix.
Adversarial Tactics, Techniques & Common Knowledge
- A threat modeling methodology and suite of models for the various phases of an adversary's lifecycle and platforms that are known to be targeted by cyber threats. ATT&CK models are useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
Attacking Microsoft Office/OpenOffice with Metasploit Macro Exploits
- A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom.
The complete list of Infosec related cheat sheets
Detecting Lateral Movement through Tracking Event Logs
Finding Cyber Threats with ATT&CK-Based Analytics
Free tools for auditing the security of an AWS account
- Solid three part read on setting up Fuzzbunch.
How to bootstrap self-service continuous fuzzing
Hunting Red Team Meterpreter C2 Infrastructure
InfoSec Isn’t a Job, It’s a Lifestyle
- A fantastic collection of articles relating to shellcode development, exploitation, research and more. An incredible resource.
Learning From the Field: Basic Network Hygiene
Local Linux Enumeration & Privilege Escalation Cheatsheet
- A list of resources used to prepare for the PWK OSCP Course.
Python for Metasploit Automation
The Traveling Pentester: Diaries of the Shortest Path to Compromise
- A quick but complete walk-through on cracking WPA/WPA2 routers with common wireless tools.