egru's Stars
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
minimaxir/big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
gchq/CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
peass-ng/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
myspaghetti/macos-virtualbox
Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox on x86 CPUs for Windows, Linux, and macOS
mandiant/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
markbates/goth
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.
michenriksen/aquatone
A Tool for Domain Flyovers
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
FuzzySecurity/PowerShell-Suite
My musings with PowerShell
jaeles-project/gospider
Gospider - Fast web spider written in Go
cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
ShawnDEvans/smbmap
SMBMap is a handy SMB enumeration tool
nccgroup/redsnarf
RedSnarf is a pen-testing / red-teaming tool for Windows environments
shr3ddersec/Shr3dKit
Red Team Tool Kit
BishopFox/eyeballer
Convolutional neural network for analyzing pentest screenshots
f0cker/crackq
CrackQ: A Python Hashcat cracking queue system
NetSPI/SQLInjectionWiki
A wiki focusing on aggregating and documenting various SQL injection methods
byt3bl33d3r/WitnessMe
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
govolution/betterdefaultpasslist
nccgroup/VCG
VisualCodeGrepper - Code security scanning tool.
sensepost/rattler
Automated DLL Enumerator
SpiderLabs/portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
NetSPI/goddi
goddi (go dump domain info) dumps Active Directory domain information
tinted-theming/base16-xfce4-terminal
Base16 template for xfce4-terminal
nccgroup/LazyDroid
bash script to facilitate some aspects of an Android application assessment
lorenzog/dns-parallel-prober
PoC for an adaptive parallelised DNS prober
NetSPI/BetaFast
Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
biscuits99/rp-video-manager
Tool to quickly update video modes in RetroPie - giving a retro CRT look.
AndrejGajdos/auth-flow-spa-node-react
🔐 User authentication in SPA, built with Node.js and React (Koa, Passport, Redux, Redux-Saga and React Router). Local authentication – users can log in using username, passport and authentication through Facebook.