Modlishka. Reverse Proxy.

Next generation web scanner

An HTTP/HTTPS intercept proxy written in Go.

A Golang implant that uses Slack as a command and control server

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A MongoDB importer and API for Project Sonars DNS datasets

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Automated brute-forcing attack tool.

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

A repository of tools for pentesting of restricted and isolated environments.

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

PENIOT: Penetration Testing Tool for IoT

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted, security report maker, vulnerability report builder. Complete templates of issues, CWE, CVE, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability management.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

Functions that can be used to gain Reverse Shells with PowerShell

Combo List Generator for Android Devices (Termux) by @voldemort1912.

CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

X_INSTA Powerful INSTAGRAM Password Brute Force Tool For Windows

Sp00fer blog post -

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

IN THIS REPOSITORY YOU'LL SEE SOME OF THE ADVANCED COMMAND THAT YOU CAN TRY ON YOUR LINUX SYSTEM & DO YOUR WORK QUICKLY | I'LL BE ADD 10 COMMANDS DAILY SO STAY TUNED TO LEARN SOMETHING NEW

DevBrute is a Password Brute Forcer, It can Brute Force almost Social Media Accounts or Any Web Application.