Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Projects in Awesome Lists tagged with penetration-testing

A curated list of projects in awesome lists tagged with penetration-testing .

https://github.com/lefayjey/linWinPwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

active-directory adcs adsecurity bloodhound enumeration exploitation hacking impacket kerberoast kerberos mssql penetration-testing pentest pentest-tool pentesting

Last synced: 04 Aug 2024

https://github.com/cytopia/pwncat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

bind-shell cytopia-sec local-port-forward local-port-forwarding nc ncat netcat penetration-testing pentest pentest-tool pentesting pentesting-tool pivoting port-forwarding portforward pwncat remote-port-forward remote-port-forwarding remote-shell reverse-shell

Last synced: 30 Sep 2024

https://github.com/praetorian-inc/noseyparker

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.

credentials devsecops penetration-testing rust scanner secrets secrets-detection security security-tools

Last synced: 30 Sep 2024

https://github.com/michaelgrafnetter/dsinternals

Directory Services Internals (DSInternals) PowerShell Module and Framework

active-directory azure-ad dpapi fido2 lsa ntds nuget-packages passwords penetration-testing powershell sam security-audit

Last synced: 29 Sep 2024

https://github.com/bitbrute/evillimiter

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

hacking hacking-tool linux networking penetration-testing pentest-tool pentesting python security security-tools

Last synced: 30 Sep 2024

https://github.com/MichaelGrafnetter/DSInternals

Directory Services Internals (DSInternals) PowerShell Module and Framework

active-directory azure-ad dpapi fido2 lsa ntds nuget-packages passwords penetration-testing powershell sam security-audit

Last synced: 04 Aug 2024

https://github.com/initstring/cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

osint penetration-testing

Last synced: 01 Aug 2024

https://github.com/liamg/gitjacker

πŸ”ͺ :octocat: Leak git repositories from misconfigured websites

git hacking penetration-testing pentesting red-team

Last synced: 26 Sep 2024

https://github.com/edoardottt/cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

bugbounty crawler crawling endpoint-discovery endpoints go golang hacktoberfest infosec osint penetration-testing pentesting recon reconnaissance redteam scraper secret-keys secrets-detection security security-tools

Last synced: 30 Sep 2024

https://github.com/doyensec/inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

api-documentation-tool bugbounty bugbounty-tool burp-extensions burpsuite graphql graphql-security penetration-testing security-audit security-scanner security-tools

Last synced: 01 Oct 2024

https://github.com/jaykali/hackerpro

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

best hack hacking hacking-tool hacking-tools hacktoberfest hacktoberfest-accepted information-gathering linux penetration-testing penetration-testing-framework python scanner script termux tool tools

Last synced: 30 Sep 2024

https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

damn-vulnerable damn-vulnerable-web-application exploitation graphql graphql-security penetration-testing security vulnerability

Last synced: 01 Aug 2024

https://github.com/chenjj/espoofer

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻

dkim dmarc dmarc-bypass email-spoof hacking penetration-testing phishing phishing-attacks security security-tools smtp spf spoofing spoofing-emails

Last synced: 01 Oct 2024

https://github.com/Hacking-the-Cloud/hackingthe.cloud

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

aws aws-hacking azure cloud cloud-security gcp hacking hacking-cloud penetration-testing

Last synced: 01 Aug 2024

https://github.com/hacking-the-cloud/hackingthe.cloud

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

aws aws-hacking azure cloud cloud-security gcp hacking hacking-cloud penetration-testing

Last synced: 30 Sep 2024

https://github.com/jordanpotti/awsbucketdump

Security Tool to Look For Interesting Files in S3 Buckets

bugbounty enumeration penetration-testing s3-bucket

Last synced: 30 Sep 2024

https://github.com/jordanpotti/AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets

bugbounty enumeration penetration-testing s3-bucket

Last synced: 01 Aug 2024

https://github.com/cyber-guy1/api-securityempire

API Security Project aims to present unique attack & defense methods in API Security field

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 01 Oct 2024

https://github.com/m3n0sd0n4ld/goofuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain

Last synced: 30 Sep 2024

https://github.com/zidansec/cloudpeler

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

bypass-cloudflare bypass-hostname bypass-waf cloudflare crimeflare crimeflare-next-generation crimepeler dns-security exploit hack-tool information-gathering osint-tool penetration-testing pentest-tool security-tools

Last synced: 01 Oct 2024

https://github.com/jeffzh3ng/fuxi

Penetration Testing Platform

penetration-testing pentest-tool security vulnerability

Last synced: 30 Sep 2024

https://github.com/fsociety-team/fsociety

A Modular Penetration Testing Framework

cli docker fsociety osint penetration-testing python python3

Last synced: 01 Oct 2024

https://github.com/Cyber-Guy1/API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in API Security field

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 08 Aug 2024

https://github.com/initstring/linkedin2username

OSINT Tool: Generate username lists for companies on LinkedIn

hacking osint penetration-testing pentesting

Last synced: 30 Sep 2024

https://github.com/m3n0sd0n4ld/GooFuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain

Last synced: 01 Aug 2024

https://github.com/zidansec/CloudPeler

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

bypass-cloudflare bypass-hostname bypass-waf cloudflare crimeflare crimeflare-next-generation crimepeler dns-security exploit hack-tool information-gathering osint-tool penetration-testing pentest-tool security-tools

Last synced: 31 Jul 2024

https://github.com/initstring/passphrase-wordlist

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

hacking infosec password-cracking penetration-testing pentesting wordlist

Last synced: 30 Sep 2024

https://github.com/codingo/interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread

Last synced: 30 Sep 2024

https://github.com/GhostManager/Ghostwriter

The SpecterOps project management and reporting engine

informationsecurity penetration-testing red-team reporting

Last synced: 01 Aug 2024

https://github.com/ghostmanager/ghostwriter

The SpecterOps project management and reporting engine

informationsecurity penetration-testing red-team reporting

Last synced: 01 Oct 2024

https://github.com/codingo/vhostscan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 30 Sep 2024

https://github.com/codingo/Interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread

Last synced: 01 Aug 2024

https://github.com/webpwnized/mutillidae

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

10 application appsec cybersecurity owasp owasp-top-10 penetration-testing security top training web

Last synced: 30 Sep 2024

https://github.com/viralmaniar/passhunt

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

cybersecurity default-credentials default-password password penetration-testing pentest-tool security security-testing

Last synced: 30 Sep 2024

https://github.com/Viralmaniar/Passhunt

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

cybersecurity default-credentials default-password password penetration-testing pentest-tool security security-testing

Last synced: 07 Aug 2024

https://github.com/codingo/VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 01 Aug 2024

https://github.com/Syslifters/sysreptor

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

cdsa chhb cpts hackthebox infosectools offsec oscp osed osee osep oswa oswe oswp penetration-testing pentest pentesting-tool reporting reporting-tool security-assessment security-audit

Last synced: 02 Aug 2024

https://github.com/screetsec/brutal

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

arduino arduino-library badusb hacker hacking payload penetration penetration-testing powershell-attack rubberducky teensy usb

Last synced: 29 Sep 2024

https://github.com/sh4hin/androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

android application-security malware-analyzer mobile-security penetration-testing reverse-engineering

Last synced: 30 Sep 2024

https://github.com/sh4hin/Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

android application-security malware-analyzer mobile-security penetration-testing reverse-engineering

Last synced: 15 Aug 2024

https://github.com/Screetsec/Brutal

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

arduino arduino-library badusb hacker hacking payload penetration penetration-testing powershell-attack rubberducky teensy usb

Last synced: 31 Jul 2024

https://github.com/ignitetechnologies/vulnhub-ctf-writeups

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

ctf ctf-challenges ctf-writeups oscp oscp-prep penetration-testing vulnhub

Last synced: 30 Sep 2024

https://github.com/viralmaniar/powershell-rat

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

backdoor fud hacking hacking-tool penetration-testing pentesting powershell rat redteaming remoteaccess trojan trojan-rat

Last synced: 27 Sep 2024

https://github.com/wireghoul/htshells

Self contained htaccess shells and attacks

apache exploit htaccess penetration-testing polyglot security webshell

Last synced: 30 Sep 2024

https://github.com/m4cs/babysploit

:baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:

beginner beginner-friendly ethical-hacking kali penetration-testing penetration-testing-framework pentest-tool pentesting python3 toolkit tools

Last synced: 30 Sep 2024

https://github.com/Ignitetechnologies/Vulnhub-CTF-Writeups

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

ctf ctf-challenges ctf-writeups oscp oscp-prep penetration-testing vulnhub

Last synced: 03 Aug 2024

https://github.com/nikitastupin/clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

bug-bounty graphql penetration-testing security

Last synced: 30 Sep 2024

https://github.com/Viralmaniar/Powershell-RAT

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

backdoor fud hacking hacking-tool penetration-testing pentesting powershell rat redteaming remoteaccess trojan trojan-rat

Last synced: 30 Jul 2024

https://github.com/M4cs/BabySploit

:baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:

beginner beginner-friendly ethical-hacking kali penetration-testing penetration-testing-framework pentest-tool pentesting python3 toolkit tools

Last synced: 31 Jul 2024

https://github.com/yassineaboukir/sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

bug-bounty certificate-transparency certificate-transparency-logs hacking information-gathering monitoring-tool penetration-testing pentest python reconnaissance security sublert

Last synced: 01 Aug 2024

https://github.com/averagesecurityguy/scripts

Scripts I use during pentest engagements.

hacking penetration-testing pentests python tools

Last synced: 01 Aug 2024

https://github.com/antoniococo/conptyshell

ConPtyShell - Fully Interactive Reverse Shell for Windows

conpty csharp penetration-testing powershell shell terminal

Last synced: 27 Sep 2024

https://github.com/i-am-jakoby/powershell-for-hackers

This repository is a collection of powershell functions every hacker should know

badusb badusb-payloads flipperzero hak5 infosec penetration-testing pentesting powershell powershell-script

Last synced: 28 Sep 2024

https://github.com/I-Am-Jakoby/PowerShell-for-Hackers

This repository is a collection of powershell functions every hacker should know

badusb badusb-payloads flipperzero hak5 infosec penetration-testing pentesting powershell powershell-script

Last synced: 01 Aug 2024

https://github.com/wireghoul/dotdotpwn

DotDotPwn - The Directory Traversal Fuzzer

fuzzer penetration-testing perl security traversal

Last synced: 28 Sep 2024

https://github.com/antonioCoco/ConPtyShell

ConPtyShell - Fully Interactive Reverse Shell for Windows

conpty csharp penetration-testing powershell shell terminal

Last synced: 15 Aug 2024

https://github.com/safe6Sec/command

ηΊ’ι˜ŸεΈΈη”¨ε‘½δ»€ι€ŸζŸ₯

penetration-testing

Last synced: 04 Aug 2024

https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

application-security aws-security azure-security free opensource penetration-testing pentesting

Last synced: 31 Jul 2024

https://github.com/ffffffff0x/AboutSecurity

Everything for pentest. | η”¨δΊŽζΈ—ι€ζ΅‹θ―•ηš„ payload ε’Œ bypass ε­—ε…Έ.

bounty bypass cheatsheet ctf dictionary ffffffff0x fuzz hacking infosec infrastructure methodology payload penetration-testing pentest pentesting redteam security

Last synced: 01 Aug 2024

https://github.com/ayoubfathi/leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

appsec axiom bugbounty dirbuster dirsearch ffuf fuzzing hacktoberfest meg nuclei penetration-testing pentest recon redteam redteaming security security-tools subfinder wayback-machine wordlist

Last synced: 04 Aug 2024

https://github.com/ehrishirajsharma/swiftnessx

A cross-platform note-taking & target-tracking app for penetration testers.

bug-bounty checklist electronjs penetration-testing security-tools

Last synced: 28 Sep 2024

https://github.com/ehrishirajsharma/SwiftnessX

A cross-platform note-taking & target-tracking app for penetration testers.

bug-bounty checklist electronjs penetration-testing security-tools

Last synced: 02 Aug 2024

https://github.com/sh377c0d3/Payloads

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

bugbounty bugbounty-tool payload payloads payloads-database penetration-testing

Last synced: 04 Aug 2024

https://github.com/ullaakut/gorsair

Gorsair gives root access on remote docker containers that expose their APIs

docker infosec netsec nmap penetration-testing pentesting security

Last synced: 01 Aug 2024

https://github.com/Ullaakut/Gorsair

Gorsair gives root access on remote docker containers that expose their APIs

docker infosec netsec nmap penetration-testing pentesting security

Last synced: 02 Aug 2024

https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

bugbounty hacking hacking-tool penetration-testing penetration-testing-tools pentesting scanner security security-audit security-scanner security-tools vulnerability-scanners web-cache

Last synced: 01 Aug 2024