ProReaver's Stars
mishakorzik/UserFinder
OSINT tool for finding profiles by username
sean-t-smith/pwned-by-passgpt
Password cracking research using the Have I Been Pwned (HIBP) dataset to evaluate the effectiveness of the PassGPT Large Language Model (LLM).
cobbr/Covenant
Covenant is a collaborative .NET C2 framework for red teamers.
aboul3la/Sublist3r
Fast subdomains enumeration tool for penetration testers
lgandx/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
readloud/Google-Hacking-Database
The GHDB is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers.
scrapy/scrapy
Scrapy, a fast high-level web crawling & scraping framework for Python.
v1s1t0r1sh3r3/airgeddon
This is a multi-use bash script for Linux systems to audit wireless networks.
SpecterOps/BloodHound
Six Degrees of Domain Admin
davidprowe/BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
adrecon/ADRecon
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
Pennyw0rth/NetExec
The Network Execution Tool
lkarlslund/Adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
GhostPack/Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
intelowlproject/IntelOwl
IntelOwl: manage your Threat Intelligence at scale
hslatman/awesome-threat-intelligence
A curated list of Awesome Threat Intelligence resources
fastfire/deepdarkCTI
Collection of Cyber Threat Intelligence sources from the deep and dark web
icyguider/UAC-BOF-Bonanza
Collection of UAC Bypass Techniques Weaponized as BOFs
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
TheHive-Project/TheHive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
laramies/theHarvester
E-mails, subdomains and names Harvester - OSINT
bitsadmin/wesng
Windows Exploit Suggester - Next Generation
itm4n/PrivescCheck
Privilege Escalation Enumeration Script for Windows
peass-ng/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
s0md3v/XSStrike
Most advanced XSS scanner.
OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
mandatoryprogrammer/xsshunter-express
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
htr-tech/zphisher
An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !