rainbowspec's Stars
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
kamranahmedse/design-patterns-for-humans
An ultra-simplified explanation to design patterns
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
tennc/webshell
This is a webshell open source project
n1nj4sec/pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
jofpin/trape
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
sensepost/objection
📱 objection - runtime mobile exploration
EdOverflow/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
elceef/dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
TheRook/subbrute
A DNS meta-query spider that enumerates DNS records, and subdomains.
dafthack/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
commaai/opendbc
a Python API for your car
0xInfection/TIDoS-Framework
The Offensive Manual Web Application Penetration Testing Framework.
Cn33liz/p0wnedShell
PowerShell Runspace Post Exploitation Toolkit
woj-ciech/kamerka
Build interactive map of cameras from Shodan
Tylous/SniffAir
A framework for wireless pentesting.
mikaku/Monitorix
Monitorix is a free, open source, lightweight system monitoring tool.
dmayer/idb
idb is a tool to simplify some common tasks for iOS pentesting and research
dthain/basekernel
A simple OS kernel for research, teaching, and fun.
m8sec/nullinux
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
klsecservices/rpivot
socks4 reverse proxy for penetration testing
gojhonny/InSpy
A python based LinkedIn enumeration tool
P0cL4bs/kadimus
kadimus is a tool to check and exploit lfi vulnerability.
mdsecresearch/LyncSniper
LyncSniper: A tool for penetration testing Skype for Business and Lync deployments
wavestone-cdt/hadoop-attack-library
A collection of pentest tools and resources targeting Hadoop environments
jimywork/djangohunter
Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.
0xmitsurugi/gimmecredz
You're a #pentester and you totally pwn that linux box, congrats! Now what? You can launch gimmecredz.sh which will try to extract all passwords from known locations.
duo-labs/phish-collect
Python script to hunt phishing kits
devploit/put2win
Script to automate PUT HTTP method exploitation to get shell
PinkP4nther/EroDir
A fast web directory/file enumeration tool written in Rust