p4nd0rum

rdpwrap

RDP Wrapper Library

john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

ScoutSuite

Multi-Cloud Security Auditing Tool

RedTeaming-Tactics-and-Techniques

Red Teaming Tactics and Techniques

mimipenguin

A tool to dump the login password from the current linux user

BruteX

Automatically brute force all services running on a target.

owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

hash_extender

nmap-bootstrap-xsl

A Nmap XSL implementation with Bootstrap.

AWS-IAM-Privilege-Escalation

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

NetNTLMtoSilverTicket

SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

Goohak

Automatically Launch Google Hacking Queries Against A Target Domain

ctf-tools

tổng hợp tool ctf

Nosql-Exploitation-Framework

A Python Framework For NoSQL Scanning and Exploitation

vulncode-db

Vulncode-DB project

NtdsAudit

An Active Directory audit utility

Commodity-Injection-Signatures

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

See-SURF

Python based scanner to find potential SSRF parameters

psychoPATH

psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.

CVE-2019-0841

PoC code for CVE-2019-0841 Privilege Escalation vulnerability

goaltdns

A permutation generation tool written in golang

CryptOMG

CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.

XSSTracer

A small python script to check for Cross-Site Tracing (XST)

wce

Windows Credentials Editor v1.3beta

HTTPoxyScan

HTTPoxy Exploit Scanner by 1N3 @CrowdShield

dnsdbq

DNSDB API Client, C Version

scripts

Some useful scripts I have written or collected

DDEAutoCS

A cobaltstrike script that integrates DDEAuto Attacks

KerberosUserEnum

Kerberos accounts enumeration taking advantage of AS-REQ

inf_catalog_signing_poc

Proof of concept to "bypass" signing enforcement by tainting the Windows CA.