zshell's repositories
AbsoluteZero
Python APT Backdoor 1.0.0.1
Astra
Automated Security Testing For REST API's
buster
Find emails of a person and return info associated with them
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. It will automatically generate a userlist from the domain which excludes accounts that are expired, disabled locked out, or within 1 lockout attempt.
evil-winrm
The ultimate WinRM shell for hacking/pentesting
goop
Google Search Scraper
HRShell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
lazyrecon
This script is intended to automate your reconnaissance process in an organized fashion
liffy
Local file inclusion exploitation tool
matomo
Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites, apps & the IoT and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
memhunter
Live hunting of code injection techniques
nebulousAD
NebulousAD automated credential auditing tool
o365-attack-toolkit
A toolkit to attack Office365
OneForAll
OneForAll是一款功能强大的子域收集工具
PAKURI
Penetration test Achieve Knowledge Unite Rapid Interface
postenum
Postenum is a clean, nice and easy tool for basic/advanced privilege escalation techniques. Postenum tool is intended to be executed locally on a Linux box.
postshell
PostShell - Post Exploitation Bind/Backconnect Shell
RedPeanut
RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.
SecurityNotFound
:newspaper: 404 Page Not Found Webshell
Shelly
Simple Backdoor Manager with Python (based on weevely)
spraykatz
Credentials gathering tool automating remote procdump and parse of lsass process.
sql-injection-payload-list
🎯 SQL Injection Payload List
t14m4t
Automated brute-forcing attack tool.
Telegra_Csharp_C2
Command and Control for C# Writing
Tishna-Automated-Web-Application-Hacker
Complete Automated pentest framework for Servers, Application Layer to Web Security
w13scan
Passive Security Scanner (被动安全扫描器)
wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
xmlrpc-bruteforcer
An XMLRPC brute forcer targeting Wordpress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second.
xssizer
The best tool to find and prove XSS flaws.