#
pentest
Here are 423 public repositories matching this topic...
Themercee
commented
Feb 16, 2018
Dirsearch has an option that will force the use of hostname and by default it search by IP. I think it should be the opposite. It should search by hostname by default and an option could be used to search by IP.
This behavior is not expected by user that briefly read the help and this may result in not finding files or directories on server using vhost.
Automated pentest framework for offensive security experts
-
Updated
Jan 7, 2020 - Shell
adubaldo
commented
Dec 9, 2019
Issue:
version: 0.4.9
os: parrot
description: whatweb --log-json write an open square brackets " [ " in json output file if the input file ( -i ) does not contains targets.
Use case:
Running a custom script you may need to pass an output file containing a list of websites to whatweb.
Workaround
For sure this issue should be handled by developers who uses whatweb.
Myppomeu
commented
Oct 29, 2016
If I install dependencies listed in patator.py and compile with information from README.md, I still need to install python and all dependencies to use exe file.
Whats the matter compile it, if it does not contains all dependencies?
Collection of the cheat sheets useful for pentesting
-
Updated
Jan 7, 2020
minanagehsalalma
commented
Mar 16, 2019
so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)
viyatb
commented
May 5, 2018
The network scanner bundled (https://github.com/owtf/owtf/blob/develop/owtf/net/scanner.py) is not being used in any code path by OWTF right now. There is already a function defined to run plugins for a list of targets by pre-processing them through the network scanner, https://github.com/owtf/owtf/blob/develop/owtf/plugin/runner.py#L509 but it is not being used.
We should bring back the `proc
SSRF (Server Side Request Forgery) testing resources
-
Updated
Jan 6, 2020 - Python
大型内网渗透扫描器&Cobalt Strike,包含信息收集/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、Weblogic、ActiveMQ、Tomcat等,密码口令爆破含(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB)等,可高度自定义插件支持.NET程序集、DLL(C#/Delphi/VC)、PowerShell等语言编写的插件,支持通过配置INI批量调用任意外部程序或命令,EXP生成器一键生成Web漏洞POC,可快速扩展扫描或利用能力。支持Cobalt Strike插件化直接内存加载Ladon扫描快速拓展内网横向移动
-
Updated
Jan 7, 2020 - C#
A powerful and useful hacker dictionary builder for a brute-force attack
-
Updated
Jan 5, 2020 - Python
Open
Road map overview
sundowndev
commented
Apr 19, 2018
Issue with the content : No
Related content : Guide
Feature or enhancement request : Yes
An overview of languages, tools and requirements to learn pen testing.
A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
-
Updated
Jan 4, 2020 - Python
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
-
Updated
Jan 5, 2020 - Python
🔎 Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys.
-
Updated
Jan 5, 2020 - Python
Find exploits in local and online databases instantly
-
Updated
Jan 4, 2020 - Shell
Automatic SSRF fuzzer and exploitation tool
-
Updated
Jan 6, 2020 - Python
Improve this page
Add a description, image, and links to the pentest topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the pentest topic, visit your repo's landing page and select "manage topics."
Currently
configureassumes that all build dependencies are located in a fixed set of locations. Ideally use pkgconfig (which is needed for gtk anyway) to detect the dependencies so arbitrary dependency locations are supported.