NoobCam's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
infosecn1nja/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
jofpin/trape
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
EmpireProject/Empire
Empire is a PowerShell and Python post-exploitation agent.
SpiderLabs/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
SteveLTN/https-portal
A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.
infosecn1nja/AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
bluscreenofjeff/Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
1N3/IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
sensepost/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
dirkjanm/BloodHound.py
A Python based ingestor for BloodHound
api0cradle/UltimateAppLockerByPassList
The goal of this repository is to document the most common techniques to bypass AppLocker.
dafthack/DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
trustedsec/hate_crack
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
jhaddix/pentest-bookmarks
a collection of handy bookmarks
averagesecurityguy/scripts
Scripts I use during pentest engagements.
BishopFox/spoofcheck
Simple script that checks a domain for email protections
zombiesam/googlesub
This script will try to find a domains subdomains by using google dorking. It will never connect to the site it is researching.