Modlishka. Reverse Proxy.

Next generation web scanner

An HTTP/HTTPS intercept proxy written in Go.

A Golang implant that uses Slack as a command and control server

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

A MongoDB importer and API for Project Sonars DNS datasets

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Automated brute-forcing attack tool.

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

A repository of tools for pentesting of restricted and isolated environments.

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted, security report maker, vulnerability report builder. Complete templates of issues, CWE, CVE, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability management.

PENIOT: Penetration Testing Tool for IoT

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

Functions that can be used to gain Reverse Shells with PowerShell

Combo List Generator for Android Devices (Termux) by @voldemort1912.

一款适用于(Android、iOS、WEB、H5、静态网站)，信息检索的工具，可以帮助渗透测试人员快速获取App或者WEB中的有用资产信息。

X_INSTA Powerful INSTAGRAM Password Brute Force Tool For Windows

Sp00fer blog post -

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

IN THIS REPOSITORY YOU'LL SEE SOME OF THE ADVANCED COMMAND THAT YOU CAN TRY ON YOUR LINUX SYSTEM & DO YOUR WORK QUICKLY | I'LL BE ADD 10 COMMANDS DAILY SO STAY TUNED TO LEARN SOMETHING NEW

DevBrute is a Password Brute Forcer, It can Brute Force almost Social Media Accounts or Any Web Application.

Domain Seeker