There are 122 repositories under pentest-tool topic.
Web path scanner
hydra
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
The all-in-one Red Team extension for Web Pentester 🛠
暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
The LAZY script will make your life easier, and of course faster.
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
A high performance offensive security tool for reconnaissance and vulnerability scanning
Automation for internal Windows Penetrationtest / AD-Security
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
SSRF (Server Side Request Forgery) testing resources
Privilege Escalation Enumeration Script for Windows
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
The Last Web Recon Tool You'll Need
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
iOS/macOS/Linux Remote Administration Tool
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
红蓝对抗以及护网相关工具和资料,内存shellcode(cs+msf)和内存马查杀工具
Abusing Impersonation Privileges on Windows 10 and Server 2019
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。