behneyh

flan

A pretty sweet vulnerability scanner

nmap-vulners

NSE script based on Vulners.com API

awesome-osint

:scream: A curated list of amazingly awesome OSINT

sherlock

Hunt down social media accounts by username across social networks

php-reverse-shell

awesome-honeypots

an awesome list of honeypot resources

awesome-burp-extensions

A curated list of amazingly awesome Burp Extensions

Pentest-Tools

XSStrike

Most advanced XSS scanner.

poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.

pentest-wiki

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

SessionGopher

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

LaZagne

Credentials recovery project

BeRoot

Privilege Escalation Project - Windows / Linux / Mac

SafetyKatz

SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader

Rubeus

Trying to tame the three-headed dog.

Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

p0wnedShell

PowerShell Runspace Post Exploitation Toolkit

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

pwnagotchi

(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.

Complete-Python-3-Bootcamp

Course Files for Complete Python 3 Bootcamp Course on Udemy

WebGoat

WebGoat is a deliberately insecure application

mremoteng-decrypt

mRemoteNG Config File Decrypt

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

amass

In-depth attack surface mapping and asset discovery

gobuster

Directory/File, DNS and VHost busting tool written in Go

Sublist3r

Fast subdomains enumeration tool for penetration testers

ghidra

Ghidra is a software reverse engineering (SRE) framework

SocialFish

Phishing Tool & Information Collector

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.