Hippi3Hack3r
An utterly insignificant little blue green planet far out in the uncharted backwaters of the unfashionable end of the western spiral arm of the Galaxy.
Hippi3Hack3r's Stars
ivan-sincek/ios-penetration-testing-cheat-sheet
Work in progress...
libimobiledevice/ideviceinstaller
Manage apps of iOS devices
optiv/doppelganger
Doppelgänger is firmware that runs on ESP32 devices that can be embedded within commercially available RFID readers with the intent of capturing access control card data while performing physical security assessments. Doppelgänger keeps the operator's ease of access, maintenance, and operational communications in mind.
ambionics/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
mishmashclone/timip-OSWE
https://github.com/timip/OSWE
Hippi3Hack3r/YAVAA
Yet Another Vulnerable Android Application. The purpose of this app is to teach the exploitation of multiple vulnerabilities in a CTF style environment.
BishopFox/jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScript
ImpostorKeanu/parsuite
Simple parser framework.
sensepost/wpa_sycophant
Evil client portion of EAP relay attack
sensepost/hostapd-mana
SensePost's modified hostapd for wifi attacks.
GoogleCloudPlatform/esp-v2
A service proxy that provides API management capabilities using Google Service Infrastructure.
ImpostorKeanu/eavesarp
Analyze ARP requests to identify intercommunicating hosts and stale network address configurations (SNACs)
SimplySecurity/SimplyTemplate
Phishing Template Generation Made Easy
Kyuu-Ji/Awesome-Azure-Pentest
A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.
trustedsec/hardcidr
hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime.
fuzzdb-project/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
lgandx/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
801labs/OSCP_templates
TheNerdlist/nerdlist
list of passwords more likely to be used by sysadmins, general nerds, and folk with access
NVISOsecurity/MagiskTrustUserCerts
A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
DC801/BM-Badge
The DC801 Badge Platform for DC28+
ITI/ICS-Security-Tools
Tools, tips, tricks, and more for exploring ICS Security.
Ayrx/proxycat
Simple transparent proxy setup for Android
WithSecureLabs/android-keystore-audit
RedSiege/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
dafthack/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
dafthack/MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
kunte0/phar-jpg-polyglot
Phar + JPG Polyglot generator and playground (CTF CODE)
aosp-mirror/platform_build