shelld3v

followers

following

stars

Hanoi, Vietnam

https://buymeacoffee.com/shells3c

Pham Sy Minh's repositories

JSshell

JSshell - JavaScript reverse/remote shell

Language:Python589 28 14

aquatone

A Tool for Domain Flyovers

Language:JavaScriptMIT81 5 14

PwnVPN

The best exploitation tool for SSL VPN 0day vulnerabilities.

Language:Python79 4 1

RCE-python-oneliner-payload

Python bind shell single line code for both Unix and Windows, used to find and exploit RCE (ImageMagick, Ghostscript, ...)

flydns

Related subdomains finder

Language:PythonApache-2.027 2 1

fresh-public-dns-servers

A huge, fresh and validated list of DNS servers

Language:Python4 20

CVESearch

Query various sources for CVE proof-of-concepts

Language:Go100

dirsearch

Web path scanner

Language:Python1 10

ivre

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Language:PythonGPL-3.0100

Kraken

Shell script to use reconnaissance tools

Language:SmartyGPL-3.0100

reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Language:Java100

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Language:PHPMIT100

tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Language:PythonGPL-3.0100

uro

declutters url lists for crawling/pentesting

Language:PythonApache-2.0100

Amass

In-depth Attack Surface Mapping and Asset Discovery

Language:GoNOASSERTION000

Anubis

🔓 Subdomain enumeration and information gathering tool

Language:PythonMIT000

Anubis-DB

Database to store previously found subdomains

Language:JavaScript000

chromedp

A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.

Language:GoMIT000

commix

Automated All-in-One OS command injection and exploitation tool.

Language:PythonNOASSERTION000

dnscan

Language:PythonGPL-3.0000

fiveserver

Open-Source network server for PES5 and PES6 families of the game

Language:PythonBSD-2-Clause000

gamecure

Gamecure, open source

Language:C#Apache-2.0000

gobuster

Directory/File, DNS and VHost busting tool written in Go

Language:GoApache-2.0000

knock

Knock Subdomain Scan

Language:PythonGPL-3.0000

nuclei-templates

Community curated list of templates for the nuclei engine to find a security vulnerability in application.

Language:PythonMIT000

SonarSearch

A MongoDB importer and API for Project Sonars DNS datasets

Language:Go000

sqlmap

Automatic SQL injection and database takeover tool

Language:PythonNOASSERTION000

subbrute

A DNS meta-query spider that enumerates DNS records, and subdomains.

Language:PythonGPL-3.0000

webBE

Language:PythonMIT000

xss-reflector

XSS reflector vulnerabilities exploitation extended.

Language:Java000