z3r0-0t

revsuit

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

Bashfuscator

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

cve

Gather and update all available and newest CVEs with their PoC.

xray

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Windows10Exploits

Microsoft » Windows 10 : Security Vulnerabilities

GitGot

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

HostHunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

SUDO_KILLER

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

vulnx

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

pypykatz

Mimikatz implementation in pure Python

Pentest-Tools

traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

monkey

Infection Monkey - An open-source adversary emulation platform

CVE-2020-9484-Mass-Scan

CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE

CVE-2020-8515-PoC

CVE-2020-8515-PoC

Sudomy

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

nmapvision

This tool is for detecting all what NMAP does if someone wants to hack you and expose the scanning from where by IP ADDRESS and the exact time for analysis and convert it automatically in logsfile

RustScan

🤖 The Modern Port Scanner 🤖

swap_digger

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

mimipenguin

A tool to dump the login password from the current linux user

PENTESTING-BIBLE

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

WebShell-2

Webshell

chisel

A fast TCP/UDP tunnel over HTTP

CVE-2020-2555

CVE-2020-2555 Python POC

eapeak

Analysis Suite For EAP Enabled Wireless Networks

linux-soft-exploit-suggester

Search Exploitable Software on Linux

vlan-hopping---frogger

Easy 802.1Q VLAN Hopping

Mr.SIP

SIP-Based Audit and Attack Tool