Syzik's Stars
Ciphey/Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
corkami/pics
File formats dissections and more...
Ignitetechnologies/Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them
drk1wi/Modlishka
Modlishka. Reverse Proxy.
t3l3machus/Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
sensepost/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
tarunkant/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
aress31/burpgpt
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
ssl/ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
fortra/nanodump
The swiss army knife of LSASS dumping
p0dalirius/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
BlackFan/client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
3ndG4me/AutoBlue-MS17-010
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
blackarrowsec/redteam-research
Collection of PoC and offensive techniques used by the BlackArrow Red Team
JackOfMostTrades/gadgetinspector
A byte code analyzer for finding deserialization gadget chains in Java applications
tls-attacker/TLS-Attacker
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.
firefart/stunner
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
vladko312/SSTImap
Automatic SSTI detection tool with interactive interface
grimlockx/ADCSKiller
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
allanlw/svg-cheatsheet
A cheatsheet for exploiting server-side SVG processors.
zblurx/certsync
Dump NTDS with golden certificates and UnPAC the hash
AlmondOffSec/PassTheCert
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
qtc-de/beanshooter
JMX enumeration and attacking tool.
api0cradle/CVE-2023-23397-POC-Powershell
pwndoc-ng/pwndoc-ng
Pentest Report Generator
ambionics/symfony-exploits
Exploits targeting Symfony
EasyRecon/Hunt3r
Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework
Damian89/ffufPostprocessing
Golang tool which helps dropping the irrelevant entries from your ffuf result file.
EasyRecon/wappaGo