[2067星][12d] tanprathan/mobileapp-pentest-cheatsheet The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
[1347星][2y] [HTML] daxeel/blockshell 用于学习区块链技术概念的命令行工具, 例如 likechaining, mining，proof of work 等
[1332星][3m] jaredthecoder/awesome-vehicle-security A curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car.
PewPewPew scripts that utilize a common pattern to host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server, and then post-process any results.
PowerBreach a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system.
PowerPick allowing the execution of Powershell functionality without the use of Powershell.exe
[1145星][1m] [Batchfile] ckjbug/hacking Collate and develop network security, Hackers technical documentation and tools, code.
[838星][17d] [HTML] rewardone/oscprepo A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder.
[643星][6m] [PHP] mattiasgeniar/php-exploit-scripts A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
[431星][2y] rsmudge/malleable-c2-profiles Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
[352星][4y] [Java] rsmudge/cortana-scripts A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
[335星][10d] stamparm/ipsum Daily feed of bad IPs (with blacklist hit scores)
[334星][15d] [PS] mgeeky/penetration-testing-tools A collection of my Penetration Testing scripts, tools, cheatsheets collected over years, used during real-world assignments or collected from various good quality sources.
[299星][25d] [JS] aws-samples/aws-serverless-security-workshop In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.
[299星][2y] [C] pwning/docs Tips, Tricks, and Suggestions for Running a CTF
[297星][5m] tanprathan/owasp-testing-checklist OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
[244星][2y] hsis007/usefulwebsitesfor_pentester This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.
[222星][2m] [PS] tonyphipps/meerkat A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
[221星][2y] sh4hin/mobileapp-pentest-cheatsheet The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
[169星][3y] [Py] northernsec/cve-scan Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's
[168星][12m] [Py] mnkgrover08-zz/whatsapp_automation Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts.
[148星][7m] [Shell] petermosmans/security-scripts A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
[145星][3m] [Py] ripe-atlas-community/ripe-atlas-community-contrib Repository for links towards tools written during hackathons, and a collection of contributions by the community of the RIPE Atlas visualizations, tools for analysing measurements data and other scripts
[135星][11m] [PS] securemode/invoke-apex A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
[81星][1m] [ObjC] poomsmart/idaobjctypes A collection of types & functions definitions useful for Objective-C binaries analysis.
[79星][2y] iamhdt/ecommerce-website-security-checklist List of considerations for commerce site auditing and security teams. This is summary of action points and areas that need to be built into the Techinical Specific Document, or will be checked in the Security testing phases.
[70星][16d] [Shell] sclorg/s2i-php-container PHP container images based on Red Hat Software Collections and intended for OpenShift and general usage, that provide a platform for building and running PHP applications. Users can choose between Red Hat Enterprise Linux, Fedora, and CentOS based images.
[65星][1y] [Py] immunit/xip XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc.
[65星][5m] [Py] integeruser/on-pwning My solutions to some CTF challenges and a list of interesting resources about pwning stuff
[65星][12m] [HTML] mtesauro/owasp-wte Home of the developement for OWASP WTE - the Web Testing Environment, a collection of pre-packaged Linux AppSec tools, apps and documentation used to create pre-configured VMs or installed ala carte in the Linux of your choice..
[61星][3y] [Py] samyk/awesome-vehicle-security A curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car.
[57星][3m] [PS] eclypsium/screwed-drivers a centralized source of knowledge which contains a list of drivers determined to be vulnerable as well as example code for how to use this kind of functionality.
[52星][2y] [Py] 0xd34db33f/gfyp Unification of dnstwist + SQLite + Email reporting. Set it as a cron job that runs every hour, give it a list of domains and email addresses for reporting, then watch it go find stuff.
[52星][2y] harshilpatel007/hackinglabs A List Of Labs For People (Students) Who Want Learn OR Practice IT Security / Hacking / Penetration Testing In Ethical Way.
[50星][2y] [PHP] daudmalik06/reconcat A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
[50星][1y] [PS] dgg-it/match-adhashes Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap
[49星][2y] [JS] sola-da/redos-vulnerabilities A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.
[49星][6m] [Shell] t3chnocat/oscp-ctf oscp-ctf is a small collection of basic Bash scripts that make life easier and save time whether you are in the OSCP labs, HackThebox or playing around with CTFs.
[47星][2m] mohitkhemchandani/oscp_bible This is a collection of resources, scripts, bookmarks, writeups, notes, cheatsheets that will help you in OSCP Preparation as well as for general pentesting and learning. If you feel like you can contribute in it. Please do that, I'll appreciate you.
[42星][3m] [Py] dhn/osee Collection of resources for my preparation to take the OSEE certification.
[42星][2m] mikalv/awesome-i2p A curated list of awesome I2P implementations, libraries, resources, projects, and shiny things. I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs.
[38星][1y] [Py] tanc7/arms-commander Malware Suite/Menu designed for "Speedy and No-Mistakes Penetration Testing", written in Python 2.7.13 and tested on Kali Linux 4.6 & 4.9, originally intended to only perform the Reconnaissance and Enumeration Stages (it's role is dramatically expanded now). Requires Python 2.7 + Pip + Termcolor Module. All code is entirely free to be used in yo…
[31星][4y] danielmiessler/ctfsolutiontypes A collection of CTF solution types, i.e. not solutions to specific CTF challenges, but the general categories that those solutions fall under. Includes CTF solution categories for web, binary, network, crypto, and others. Please contribute!
[31星][10m] mmarfil/tinfoilhat A list of privacy-respecting alternatives to apps and services that track you around.
[31星][6y] [Ruby] zeknox/scripts a collection of useful scripts that for penetration testers
[30星][3y] [Py] deadbits/shells collection of useful shells for penetration tests
[30星][5m] [PS] kendalvandyke/sqlpowerdoc SQL Power Doc is a collection of Windows PowerShell scripts and modules that discover, document, and diagnose SQL Server instances and their underlying Windows OS & machine configurations.
[30星][1y] [Tcl] mohemiv/tcltools Сollection of TCL scripts for Cisco IOS penetration testing
[25星][1y] [Go] opennota/hydra Penetration testing tool. This repository has migrated to
[25星][3y] unexpectedby/awesome-pentest-tools List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
[2918星][10d] secfigo/awesome-fuzzing A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
[2529星][4m] kbandla/aptnotes Various public documents, whitepapers and articles about APT campaigns
[220星][2y] [Py] wwong99/pentest-notes all my penetration testing study notes, penetration testing tools, scripts, techniques, tricks and also many scripts that I found them useful from all over the internet.
[314星][8m] [Py] screetsec/brutesploit BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p
[82星][6y] [Java] schierlm/javapayload JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger port).
[77星][2y] [Py] stasinopoulos/jaidam Jaidam is an open source penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well‐known open source tools, WPScan and Joomscan.
[384星][4y] [PHP] spiderlabs/mcir The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.