penetration-testing-tools

Modlishka. Reverse Proxy.

Next generation web scanner

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

An HTTP/HTTPS intercept proxy written in Go.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

A Golang implant that uses Slack as a command and control server

A MongoDB importer and API for Project Sonars DNS datasets

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

Automated brute-forcing attack tool.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

A repository of tools for pentesting of restricted and isolated environments.

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

A tool to test security of json web token

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

PENIOT: Penetration Testing Tool for IoT

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.

Combo List Generator for Android Devices (Termux) by @voldemort1912.

Automate installation of extra pentest tools on Kali Linux

Functions that can be used to gain Reverse Shells with PowerShell