There are 94 repositories under the pentest-tool topic.
Web path scanner
hydra
Decrypt passwords/cookies/history/bookmarks from the browser. A browser data export and decryption tool that runs on all platforms.
The all-in-one Red Team extension for Web Pentester 🛠
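httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads.
A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and writeups for various practice targets.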
The LAZY script will make your life easier, and of course faster.
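ARL (Asset Reconnaissance Lighthouse) aims to quickly reconnoiter the internet assets associated with a target and build a basic asset information database. It helps in-house security teams and penetration testers reconnoiter and search assets effectively, and discover existing weak points and attack surface.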
A high performance offensive security tool for reconnaissance and vulnerability scanning
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
Automation for internal Windows Penetration Test / AD-Security
A collection of Burp Suite plugins (not from the store), articles, and usage tips (this project no longer provides Burp Suite crack files; if needed, download them from the blog mrxn.net).
SSRF (Server Side Request Forgery) testing resources
Privilege Escalation Enumeration Script for Windows
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Gives you one-liners that aid in penetration testing operations, privilege escalation and more
The Last Web Recon Tool You'll Need
iOS/macOS/Linux Remote Administration Tool
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into a list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
ODAT: Oracle Database Attacking Tool
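ServerScan: a high-concurrency network scanning and service detection tool developed in Golang.
Asset discovery and identification tools. Quickly identifies web fingerprint information and determines asset types. Helps red teams quickly locate target asset information and helps blue teams discover suspected weak points.
For basic research, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙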
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Abusing Impersonation Privileges on Windows 10 and Server 2019