Ejuc's Stars
honze-net/nmap-bootstrap-xsl
A Nmap XSL implementation with Bootstrap.
EnableSecurity/wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
1N3/Sn1per
Attack Surface Management Platform
d0ef/fuzz-dict
A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
cisagov/pshtt
Scan domains and return data based on HTTPS best practices
1N3/IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
OWASP/API-Security
OWASP API Security Project
RUB-NDS/WS-Attacker
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (https://nds.rub.de/ ) and the Hackmanit GmbH (https://www.hackmanit.de/).
zaproxy/community-scripts
A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
rofl0r/proxychains-ng
proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
Cyb3rWard0g/HELK
The Hunting ELK
robotattackorg/robot-detect
Detection script for the ROBOT vulnerability
maurosoria/dirsearch
Web path scanner
toolswatch/vFeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
toolswatch/blackhat-arsenal-tools
Official Black Hat Arsenal Security Tools Repository
dafthack/HostRecon
This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
dafthack/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
dafthack/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
18F/domain-scan
A lightweight pipeline, locally or in Lambda, for scanning things like HTTPS, third party service use, and web accessibility.
swisskyrepo/Vulny-Code-Static-Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
swisskyrepo/DamnWebScanner
Another web vulnerabilities scanner, this extension works on Chrome and Opera
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
charliejuc/time_based_one_time_password
Time based one time password algorithm with pin generation as well. (TOTP)
s0md3v/XSStrike
Most advanced XSS scanner.
leebaird/discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
WalderlanSena/ftpbrute
:open_file_folder: :key: Tool to perform Brute Force Attack FTP
robinshuds/KodiLatviesiem
Addons priekš Kodi lai var skatīties filmas latviešu valodā
drwetter/testssl.sh
Testing TLS/SSL encryption anywhere on any port
laramies/theHarvester
E-mails, subdomains and names Harvester - OSINT
ivan-sincek/penetration-testing-cheat-sheet
Work in progress...