Automatic SQL injection and database takeover tool
-
Updated
Sep 11, 2020 - Python
#
pentesting
Here are 1,339 public repositories matching this topic...
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
windows
linux
awesome
osint
malware
hacking
resources
sql-injection
csrf
awesome-list
pentesting
malware-analysis
bugbounty
kali-linux
hacking-tool
dork
information-gathering
xxe
redteam
osint-resources
-
Updated
Sep 11, 2020
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
android
python
windows
linux
shell
backdoor
reverse-shell
rat
pentesting
post-exploitation
remote-access
payload
mac-os
meterpreter
pupy
reflective-injection
remote-admin-tool
-
Updated
Sep 7, 2020 - Python
Web path scanner
python
security
scanner
hacking
bruteforce
penetration-testing
bug-bounty
fuzzing
pentesting
pentest
fuzzer
appsec
dirsearch
dirbuster
scanner-web
-
Updated
Sep 12, 2020 - Python
A collection of open source and commercial tools that aid in red team operations.
-
Updated
Sep 1, 2020
Open
Add URL decoding
8
bee-san
commented
Sep 7, 2020
Problem:
URLs are encoded like so:
" " == "%20"
There are many more encodings other than space, this is just one example.
Resources
https://www.w3schools.com/tags/ref_urlencode.ASP
https://www.urlencoder.org/
URL Decoding in Python
https://stackoverflow.com/questions/16566069/url-decode-utf-8-in-python
https://www.urldecoder.io/python/
Guide on how to add thi
jhertz
commented
Apr 17, 2020
Hi All,
So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:
hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin
I see the following r
A swiss army knife for pentesting networks
-
Updated
Sep 11, 2020 - Python
Automated pentest framework for offensive security experts
dns
osint
scanner
nuke
hacking
subnet
shellshock
vulnerability
pentesting
scans
recon
vulnerabilities
bugbounty
pentest
automated
kali-linux
metasploit
sn1per
sn1per-professional
xerosecurity
-
Updated
Sep 7, 2020 - Shell
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
javascript
hacking
owasp
application-security
pentesting
ctf
vulnerable
appsec
owasp-top-10
owasp-top-ten
vulnapp
-
Updated
Sep 12, 2020 - JavaScript
Directory/File, DNS and VHost busting tool written in Go
-
Updated
Sep 2, 2020 - Go
An Information Security Reference That Doesn't Suck
windows
linux
osx
reverse-engineering
hacking
forensics
penetration-testing
infosec
pentesting
references
information-security
privilege-escalation
exfiltration
infosec-reference
red-team
blueteam
hacking-simulator
privilege-escalation-exploits
mitre-attack-db
-
Updated
Aug 25, 2020
codingo
commented
Sep 5, 2020
For the sake of the tests below domains.txt contains only "codingo" and wordlist.txt contains only "admin".
When specifying a wordlist, you can specify a variable to fuzz with using:
-w ./wordlist.txt:W1
Where W1 is our insertion point. In addition, FFUF allows you to specify multiple wordlists in a comma delimited fashion. If we put the two together, we have something lik
This is a multi-use bash script for Linux systems to audit wireless networks.
linux
bash
enterprise
security
hacking
wireless
aircrack
handshake
pentesting
denial-of-service
wps
sslstrip
beef
evil-twin
sniffing
pixie-dust
wep
5ghz
wpa-wpa2
pmkid
-
Updated
Sep 10, 2020 - Shell
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
security
security-audit
scanner
exploits
infosec
pentesting
vulnerability-detection
vulnerability-scanners
vulnerability-assessment
-
Updated
Jan 29, 2020 - Python
Collaborative Penetration Test and Vulnerability Management Platform
security
devops
chatops
security-audit
collaboration
orchestration
nmap
penetration-testing
vulnerability
infosec
pentesting
collaborative
cve
nessus
vulnerability-management
vulnerability-scanners
burpsuite
security-automation
devsecops
continuous-scanning
-
Updated
Sep 10, 2020 - JavaScript
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Aug 28, 2020 - Ruby
Web Pentesting Fuzz 字典,一个就够了。
-
Updated
May 9, 2020 - Python
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
security
awesome
hacking
cheatsheet
penetration-testing
penetration
pentesting
security-vulnerability
information-security
refresher
hacking-tool
oscp5
howto-tutorial
security-tools
oscp
penetration-test
oscp-journey
hacking-code
oscp-tools
cheatsheet-god
-
Updated
Sep 6, 2020
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
static-analysis
mobile-app
android-application
ios-app
dynamic-analysis
pentesting
reverse-engineers
network-analysis
runtime-analysis
-
Updated
Aug 30, 2020
The LAZY script will make your life easier, and of course faster.
shortcut
penetration-testing
shell-script
pentesting
wifiphisher
wpa-cracker
kali-linux
bypass-av
metasploit-framework
payload
pixie-dust
bypass-antivirus
wifi-password
wpa2-handshake
antivirus-evasion
payload-generator
sqlinjection
pentest-tool
wifi-testing
eternalblue-doublepulsar-metasploit
kali-scripts
-
Updated
Jul 8, 2020 - Shell
Wiki to collect Red Team infrastructure hardening resources
-
Updated
Mar 24, 2020
Automated All-in-One OS command injection and exploitation tool.
-
Updated
Sep 7, 2020 - Python
analyserdmz
commented
May 7, 2020
Would be awesome if it would be possible to save the found streams to a M3U file, compatible with VLC. An example template of a valid M3U file is the following:
#EXTM3U
#EXTINF:-1 tvg-id="" tvg-name="" tvg-language="" tvg-logo="" tvg-country="" tvg-url="" group-title="",[IP AND CHANNELID HERE FOR NAME]
rtsp://192.168.0.5/route/to/stream/here
#EXTINF:-1 tvg-id="" tvg-name="" tvg-langua
Open
Progress bars
1
bee-san
commented
Jul 31, 2020
Describe the solution you'd like
Progress bars that show progress would be neato
Additional context
https://crates.io/crates/indicatif
A high performance offensive security tool for reconnaissance and vulnerability scanning
osint
scanner
hacking
enumeration
fuzzing
pentesting
offensive-security
hacking-tool
security-scanner
vulnerability-assessment
information-gathering
reconnaissance
pentest-tool
vulnerability-scanner
raccoon
-
Updated
Mar 5, 2020 - Python
minanagehsalalma
commented
Mar 16, 2019
so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)
The cheat sheet about Java Deserialization vulnerabilities
-
Updated
Jul 31, 2020
Improve this page
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."
Add 8.7 and 8.8 for android and ios: show how you can delay the attacker or report tampering to the backend as a response to a tamper detected
8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.
8.8: The detection mechanisms trigger responses of different types, includ