PixelZA

Amass

In-depth Attack Surface Mapping and Asset Discovery

assetfinder

Find domains and subdomains related to a given domain

attack_monitor

Endpoint detection & Malware analysis software

AutoBlue-MS17-010

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

awesome-security-trivia

🤙 Security Trivia that rare people know.

batea

AI-based, context-driven network device ranking

BloodHound-Owned

A collection of files for adding and leveraging custom properties in BloodHound.

CrackMapExec

A swiss army knife for pentesting networks

droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

easyjre

Easily create an OpenJDK JRE using jlink!

Exchange-AD-Privesc

Exchange privilege escalations to Active Directory

freepbx-shell-admin-module

FreePBX PHP Web Shell Admin Module

gowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

httprobe

Take a list of domains and probe for working HTTP and HTTPS servers

keepnote

Quick and Dirty Penetration Testing Notes

kerbrute

An script to perform kerberos bruteforcing by using impacket

kerbrute-1

A tool to perform Kerberos pre-auth bruteforcing

metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

nishang

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

notable

The Markdown-based note-taking app that doesn't suck.

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Redis-Server-Exploit

This will give you shell access on the target system if redis server is not configured properly and faced on the internet without any authentication

scripts

subjack

Subdomain Takeover tool written in Go

unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

Veil

Veil 3.1.X (Check version info in Veil at runtime)

waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain

Windows-Exploit-Suggester

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.