- General usefull Powershell Scripts
- AMSI Bypass restriction Bypass
- Payload Hosting
- Network Share Scanner
- Lateral Movement
- Reverse Shellz
- POST Exploitation
- Pivot
- Backdoor finder
- Persistence on windows
- Web Application Pentest
- Framework Discovery
- Framework Scanner / Exploitation
- Web Vulnerability Scanner / Burp Plugins
- Network- / Service-level Vulnerability Scanner
- Crawler
- Web Exploitation Tools
- Windows Privilege Escalation / Audit
- T3 Enumeration
- Linux Privilege Escalation / Audit
- Credential harvesting Windows Specific
- Credential harvesting Linux Specific
- Data Exfiltration - DNS/ICMP/Wifi Exfiltration
- Git Specific
- Reverse Engineering / decompiler
- Forensics
- Network Attacks
- Specific MITM service Exploitation
- Sniffing / Evaluation / Filtering
- Scanner / Exploitation-Frameworks / Automation
- Default Credential Scanner
- Payload Generation / AV-Evasion / Malware Creation
- Domain Finding / Subdomain Enumeration
- Scanner network level
- Email Gathering
- Domain Auth + Exploitation
- Network service - Login Brute Force + Wordlist attacks
- Command & Control Frameworks
- Wifi Tools
- Raspberri PI Exploitation
- Social Engeneering
- Wordlists / Wordlist generators
- Obfuscation
- Source Code Analysis
- No category yet
- Industrial Control Systems
- NAC bypass
- JMX Exploitation
And many more. I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art. STRG+F searches are helpful here.
https://github.com/S3cur3Th1sSh1t/WinPwn - 😎
https://github.com/dafthack/MailSniper
https://github.com/putterpanda/mimikittenz
https://github.com/dafthack/DomainPasswordSpray
https://github.com/mdavis332/DomainPasswordSpray - same but kerberos auth for more stealth and lockout-sleep
https://github.com/jnqpblc/SharpSpray - domainpasswordspray executable with lockout-sleep
https://github.com/Arvanaghi/SessionGopher
https://github.com/samratashok/nishang
https://github.com/PowerShellMafia/PowerSploit
https://github.com/fdiskyou/PowerOPS
https://github.com/giMini/PowerMemory
https://github.com/Kevin-Robertson/Inveigh
https://github.com/MichaelGrafnetter/DSInternals
https://github.com/PowerShellEmpire/PowerTools
https://github.com/FuzzySecurity/PowerShell-Suite
https://github.com/hlldz/Invoke-Phant0m
https://github.com/leoloobeek/LAPSToolkit
https://github.com/n00py/LAPSDumper - remote LAPS dumping from linux
https://github.com/sense-of-security/ADRecon
https://github.com/adrecon/ADRecon - supported version - really nice Excel-Sheet for an AD-Overview
https://github.com/Arno0x/PowerShellScripts
https://github.com/S3cur3Th1sSh1t/Grouper
https://github.com/l0ss/Grouper2
https://github.com/NetSPI/PowerShell
https://github.com/NetSPI/PowerUpSQL
https://github.com/GhostPack - Various Powersploit Tasks in C#
https://github.com/Kevin-Robertson/Powermad - Adidns Attacks
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
https://github.com/Flangvik/AMSI.fail
https://github.com/p3nt4/PowerShdll
https://github.com/jaredhaight/PSAttack
https://github.com/Cn33liz/p0wnedShell
https://github.com/cobbr/InsecurePowerShell
https://github.com/Mr-Un1k0d3r/PowerLessShell
https://github.com/bitsadmin/nopowershell C# Powershell
https://github.com/OmerYa/Invisi-Shell
https://github.com/Hackplayers/Salsa-tools - Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched
https://github.com/padovah4ck/PSByPassCLM - Constrained language mode bypass
https://github.com/rasta-mouse/AmsiScanBufferBypass
https://github.com/itm4n/VBA-RunPE - Applocker Bypass
https://github.com/cfalta/PowerShellArmoury
https://github.com/Mr-B0b/SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
https://github.com/RythmStick/AMSITrigger - The Hunt for Malicious Strings
https://github.com/rmdavy/AMSI_Ordinal_Bypass - Bypass AMSI and Defender using Ordinal Values in VBS
https://github.com/mgeeky/Stracciatella - OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, CLM and Script Block Logging disabled at startup
https://github.com/med0x2e/NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
https://github.com/rvrsh3ll/NoMSBuild - MSBuild without MSbuild.exe
https://github.com/bohops/UltimateWDACBypassList - A centralized resource for previously documented WDAC bypass techniques
https://github.com/jxy-s/herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
https://github.com/Cn33liz/MSBuildShell - MSBuildShell, a Powershell Host running within MSBuild.exe
https://github.com/kgretzky/pwndrop - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
https://github.com/sc0tfree/updog - Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
Find Juicy Stuff
https://github.com/SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4
https://github.com/djhohnstein/SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
https://github.com/vivami/SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords..
https://github.com/leftp/VmdkReader - .NET 4.0 Console App to browse VMDK / VHD images and extract files
https://github.com/xct/xc - A small reverse shell for Linux & Windows
https://github.com/cytopia/pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
https://github.com/Kudaes/LOLBITS - C# reverse shell using Background Intelligent Transfer Service (BITS) as communication protocol and direct syscalls for EDR user-mode hooking evasion.
https://github.com/linuz/Sticky-Keys-Slayer
https://github.com/ztgrace/sticky_keys_hunter
https://github.com/countercept/doublepulsar-detection-script
https://github.com/0xthirteen/SharpRDP
https://github.com/0xthirteen/MoveKit - WMI,SMB,RDP,SCM,DCOM Lateral Movement techniques
https://github.com/0xthirteen/SharpMove - WMI, SCM, DCOM, Task Scheduler and more
https://github.com/rvrsh3ll/SharpCOM - C# Port of Invoke-DCOM
https://github.com/malcomvetter/CSExec - An implementation of PSExec in C#
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/cube0x0/SharpMapExec
https://github.com/nccgroup/WMIcmd
https://github.com/rasta-mouse/MiscTools - CsExec, CsPosh (Remote Powershell Runspace), CsWMI,CsDCOM
https://github.com/byt3bl33d3r/DeathStar - Automate Getting Dom-Adm
https://github.com/SpiderLabs/portia - automated lateral movement
https://github.com/Screetsec/Vegile - backdoor / rootkit
https://github.com/DanMcInerney/icebreaker - automation for various mitm attacks + vulns
https://github.com/MooseDojo/apt2 - automated penetration toolkit
https://github.com/hdm/nextnet - Netbios Network interface Enumeration (discovery of dual homed hosts)
https://github.com/mubix/IOXIDResolver - Find dual homed hosts over DCOM
https://github.com/Hackplayers/evil-winrm
https://github.com/bohops/WSMan-WinRM - A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object
https://github.com/dirkjanm/krbrelayx - unconstrained delegation, printer bug (MS-RPRN) exploitation, Remote ADIDNS attacks
https://github.com/Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
https://github.com/rvazarkar/GMSAPasswordReader - AD Bloodhound 3.0 Path
https://github.com/fdiskyou/hunter
https://github.com/360-Linton-Lab/WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool
https://github.com/leechristensen/SpoolSample - PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface.
https://github.com/leftp/SpoolSamplerNET - Implementation of SpoolSample without rDLL
https://github.com/lexfo/rpc2socks - Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
https://github.com/checkymander/sshiva - C# application that allows you to quick run SSH commands against a host or list of hosts
https://github.com/dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
https://github.com/mubix/post-exploitation
https://github.com/emilyanncr/Windows-Post-Exploitation
https://github.com/nettitude/Invoke-PowerThIEf - Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived.
https://github.com/ThunderGunExpress/BADministration - McAfee Epo or Solarwinds post exploitation
https://github.com/bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
https://github.com/antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
https://github.com/klsecservices/Invoke-Vnc - Powershell VNC injector
https://github.com/mandatoryprogrammer/CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
https://github.com/djhohnstein/WireTap - .NET 4.0 Project to interact with video, audio and keyboard hardware.
https://github.com/GhostPack/Lockless - Lockless allows for the copying of locked files.
https://github.com/slyd0g/SharpClipboard - C# Clipboard Monitor
https://github.com/infosecn1nja/SharpDoor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
https://github.com/hlldz/pickl3 - Windows active user credential phishing tool
https://github.com/shantanu561993/SharpLoginPrompt - Creates a login prompt to gather username and password of the current user. This project allows red team to phish username and password of the current user without touching lsass and having adminitrator credentials on the system.
https://github.com/Dviros/CredsLeaker
https://github.com/bitsadmin/fakelogonscreen
https://github.com/CCob/PinSwipe - Phish Smartcard PIN
https://github.com/S3cur3Th1sSh1t/PowerSharpPack - Various .NET Tools wrapped in Powershell
https://github.com/bohops/GhostBuild - GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects
https://github.com/rvrsh3ll/Rubeus-Rundll32 - rundll32 Wrapper for Rubeus
https://github.com/checkymander/Zolom - execute Python in C# via ironpython
https://github.com/0x36/VPNPivot
https://github.com/securesocketfunneling/ssf
https://github.com/p3nt4/Invoke-SocksProxy
https://github.com/sensepost/reGeorg - Webshell tunnel over socks proxy - pentesters dream
https://github.com/hayasec/reGeorg-Weblogic - reGeorg customized for weblogic
https://github.com/nccgroup/ABPTTS TCP tunneling over HTTP/HTTPS for web application servers like reGeorg
https://github.com/RedTeamOperations/PivotSuite
https://github.com/trustedsec/egressbuster - check for internet access over open ports / egress filtering
https://github.com/vincentcox/bypass-firewalls-by-DNS-history
https://github.com/shantanu561993/SharpChisel - C# Wrapper around Chisel from
https://github.com/jpillora/chisel - A fast TCP tunnel over HTTP
https://github.com/esrrhs/pingtunnel - ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.
https://github.com/sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters
https://github.com/nccgroup/SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
https://github.com/blackarrowsec/mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
https://github.com/mwrlabs/SharpGPOAbuse
https://github.com/BloodHoundAD/BloodHound
https://github.com/BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
https://github.com/chryzsh/awesome-bloodhound
https://github.com/hausec/Bloodhound-Custom-Queries
https://github.com/CompassSecurity/BloodHoundQueries
https://github.com/vletoux/pingcastle
https://github.com/cyberark/ACLight
https://github.com/canix1/ADACLScanner
https://github.com/fox-it/Invoke-ACLPwn
https://github.com/fox-it/aclpwn.py - same as invoke-aclpwn but in python
https://github.com/dirkjanm/ldapdomaindump - Active Directory information dumper via LDAP
https://github.com/tothi/rbcd-attack - Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
https://github.com/NotMedic/NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
https://github.com/FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
https://github.com/NinjaStyle82/rbcd_permissions - Add SD for controlled computer object to a target object for RBCD using LDAP
https://github.com/fireeye/SharPersist
https://github.com/outflanknl/SharpHide
https://github.com/HarmJ0y/DAMP - The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/Dionach/CMSmap - Wordpress, Joomla, Drupal Scanner
https://github.com/wpscanteam/wpscan
https://github.com/Ekultek/WhatWaf
https://github.com/wpscanteam/wpscan - wordpress
https://github.com/n00py/WPForce
https://github.com/m4ll0k/WPSeku https://github.com/swisskyrepo/Wordpresscan
https://github.com/rastating/wordpress-exploit-framework
https://github.com/coldfusion39/domi-owned - lotus domino
https://github.com/droope/droopescan - Drupal
https://github.com/whoot/Typo-Enumerator - Typo3
https://github.com/rezasp/joomscan - Joomla
https://github.com/m4ll0k/WAScan - all in one scanner
https://github.com/s0md3v/XSStrike - XSS discovery
https://github.com/federicodotta/Java-Deserialization-Scanner
https://github.com/d3vilbug/HackBar
https://github.com/gyoisamurai/GyoiThon
https://github.com/snoopysecurity/awesome-burp-extensions
https://github.com/sting8k/BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory
https://github.com/BishopFox/GadgetProbe - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
https://github.com/scipag/vulscan
https://github.com/zdresearch/OWASP-Nettacker
https://github.com/OJ/gobuster
https://github.com/nccgroup/dirble
https://github.com/maK-/parameth
https://github.com/devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives
https://github.com/s0md3v/Arjun - 💗
https://github.com/Cillian-Collins/dirscraper - Directory lookup from Javascript files
https://github.com/hannob/snallygaster
https://github.com/maurosoria/dirsearch
https://github.com/s0md3v/Breacher - Admin Panel Finder
https://github.com/mazen160/server-status_PWN
https://github.com/s0md3v/Photon - 💗
https://github.com/kgretzky/dcrawl
https://github.com/lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
https://github.com/OsandaMalith/LFiFreak - lfi
https://github.com/enjoiz/XXEinjector - xxe
https://github.com/tennc/webshell - shellz
https://github.com/flozz/p0wny-shell
https://github.com/epinna/tplmap - ssti
https://github.com/orf/xcat - xpath injection
https://github.com/almandin/fuxploider - File Uploads
https://github.com/nccgroup/freddy - deserialization
https://github.com/irsdl/IIS-ShortName-Scanner - IIS Short Filename Vuln. exploitation
https://github.com/frohoff/ysoserial - Deserialize Java Exploitation
https://github.com/pwntester/ysoserial.net - Deserialize .NET Exploitation
https://github.com/internetwache/GitTools - Exploit .git Folder Existence
https://github.com/cujanovic/SSRF-Testing - SSRF Tutorials
https://github.com/ambionics/phpggc - PHP Unserialize Payload generator
https://github.com/BuffaloWill/oxml_xxe - Malicious Office XXE payload generator
https://github.com/tijme/angularjs-csti-scanner - Angularjs Csti Scanner
https://github.com/0xacb/viewgen - Deserialize .NET Viewstates
https://github.com/Illuminopi/RCEvil.NET - Deserialize .NET Viewstates
https://github.com/microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
https://github.com/flipkart-incubator/Astra
https://github.com/LuemmelSec/SAML2Spray - Python Script for SAML2 Authentication Passwordspray
https://github.com/imperva/automatic-api-attack-tool
https://github.com/itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS - powerfull Privilege Escalation Check Script with nice output
https://github.com/AlessandroZ/BeRoot
https://github.com/rasta-mouse/Sherlock
https://github.com/hfiref0x/UACME - UAC
https://github.com/rootm0s/WinPwnage - UAC
https://github.com/abatchy17/WindowsExploits
https://github.com/dafthack/HostRecon
https://github.com/sensepost/rattler - find vulnerable dlls for preloading attack
https://github.com/WindowsExploits/Exploits
https://github.com/Cybereason/siofra - dll hijack scanner
https://github.com/0xbadjuju/Tokenvator - admin to system
https://github.com/MojtabaTajik/Robber
https://github.com/411Hall/JAWS
https://github.com/GhostPack/SharpUp
https://github.com/GhostPack/Seatbelt
https://github.com/A-mIn3/WINspect
https://github.com/hausec/ADAPE-Script
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/bitsadmin/wesng
https://github.com/rasta-mouse/Watson
https://github.com/gtworek/Priv2Admin - Abuse Windows Privileges
https://github.com/itm4n/UsoDllLoader - load malicious dlls from system32
https://github.com/TsukiCTF/Lovely-Potato - Exploit potatoes with automation
https://github.com/antonioCoco/RogueWinRM - from Service Account to System
https://github.com/antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
https://github.com/itm4n/PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
https://github.com/BeichenDream/BadPotato - itm4ns Printspoofer in C#
https://github.com/itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
https://github.com/quentinhardy/jndiat
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS - powerfull Privilege Escalation Check Script with nice output
https://github.com/mzet-/linux-exploit-suggester
https://github.com/rebootuser/LinEnum
https://github.com/diego-treitos/linux-smart-enumeration
https://github.com/CISOfy/lynis
https://github.com/AlessandroZ/BeRoot
https://github.com/future-architect/vuls
https://github.com/ngalongc/AutoLocalPrivilegeEscalation
https://github.com/b3rito/yodo
https://github.com/belane/linux-soft-exploit-suggester - lookup vulnerable installed software
https://github.com/sevagas/swap_digger
https://github.com/NullArray/RootHelper
https://github.com/NullArray/MIDA-Multitool
https://github.com/initstring/dirty_sock
https://github.com/jondonas/linux-exploit-suggester-2
https://github.com/sosdave/KeyTabExtract
https://github.com/DominicBreuker/pspy
https://github.com/itsKindred/modDetective
https://github.com/nongiach/sudo_inject
https://github.com/Anon-Exploiter/SUID3NUM - find suid bins and look them up under gtfobins / exploitable or not
https://github.com/nccgroup/GTFOBLookup - Offline GTFOBins
https://github.com/TH3xACE/SUDO_KILLER - sudo misconfiguration exploitation
https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py
https://github.com/inquisb/unix-privesc-check
https://github.com/hc0d3r/tas - easily manipulate the tty and create fake binaries
https://github.com/SecWiki/linux-kernel-exploits
https://github.com/initstring/uptux
https://github.com/andrew-d/static-binaries - not really privesc but helpfull
https://github.com/gentilkiwi/mimikatz
https://github.com/GhostPack/SafetyKatz
https://github.com/Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
https://github.com/GhostPack/Rubeus
https://github.com/Arvanaghi/SessionGopher
https://github.com/peewpw/Invoke-WCMDump
https://github.com/tiagorlampert/sAINT
https://github.com/AlessandroZ/LaZagneForensic - remote lazagne
https://github.com/eladshamir/Internal-Monologue
https://github.com/djhohnstein/SharpWeb - Browser Creds gathering
https://github.com/moonD4rk/HackBrowserData - hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser.
https://github.com/mwrlabs/SharpClipHistory - ClipHistory feature get the last 25 copy paste actions
https://github.com/outflanknl/Dumpert - dump lsass using direct system calls and API unhooking
https://github.com/b4rtik/SharpMiniDump - Create a minidump of the LSASS process from memory - using Dumpert
https://github.com/b4rtik/ATPMiniDump - Evade WinDefender ATP credential-theft
https://github.com/aas-n/spraykatz - remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction
https://github.com/0x09AL/RdpThief - extract live rdp logins
https://github.com/chrismaddalena/SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.
https://github.com/djhohnstein/SharpChromium - .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.
https://github.com/jfmaes/SharpHandler - This project reuses open handles to lsass to parse or minidump lsass
https://github.com/V1V1/SharpScribbles - ThunderFox for Firefox Credentials, SitkyNotesExtract for "Notes as passwords"
https://github.com/securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
https://github.com/G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
https://github.com/EncodeGroup/Gopher - C# tool to discover low hanging fruits like SessionGopher
https://github.com/GhostPack/SharpDPAPI - DPAPI Creds via C#
https://github.com/Hackndo/lsassy
https://github.com/aas-n/spraykatz
https://github.com/b4rtik/SharpKatz - C# porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
https://github.com/huntergregal/mimipenguin
https://github.com/n1nj4sec/mimipy
https://github.com/dirtycow/dirtycow.github.io
https://github.com/mthbernardes/sshLooterC - SSH Credential loot
https://github.com/blendin/3snake - SSH / Sudo / SU Credential loot
https://github.com/0xmitsurugi/gimmecredz
https://github.com/TarlogicSecurity/tickey - Tool to extract Kerberos tickets from Linux kernel keys.
https://github.com/FortyNorthSecurity/Egress-Assess
https://github.com/p3nt4/Invoke-TmpDavFS
https://github.com/DhavalKapil/icmptunnel
https://github.com/iagox86/dnscat2
https://github.com/Arno0x/DNSExfiltrator
https://github.com/spieglt/FlyingCarpet - Wifi Exfiltration
https://github.com/SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP
https://github.com/sysdream/chashell
https://github.com/no0be/DNSlivery - Easy files and payloads delivery over DNS
https://github.com/dxa4481/truffleHog
https://github.com/zricethezav/gitleaks
https://github.com/adamtlangley/gitscraper
https://github.com/AlessandroZ/LaZagne
https://github.com/Dionach/PassHunt
https://github.com/vulmon/Vulmap
https://github.com/mattifestation/PowerShellArsenal
https://github.com/0xd4d/dnSpy - .NET Disassembler
https://github.com/NationalSecurityAgency/ghidra
https://github.com/icsharpcode/ILSpy
https://github.com/Invoke-IR/PowerForensics
https://github.com/Neo23x0/Loki
https://github.com/gfoss/PSRecon
https://github.com/bettercap/bettercap - 💗
https://github.com/SpiderLabs/Responder
https://github.com/lgandx/Responder - more up to date
https://github.com/evilsocket/bettercap - Deprecated but still good
https://github.com/r00t-3xp10it/morpheus
https://github.com/fox-it/mitm6
https://github.com/Kevin-Robertson/InveighZero - mitm6 in C# + Inveigh default features
https://github.com/DanMcInerney/LANs.py
https://github.com/jtesta/ssh-mitm - SSH
https://github.com/pimps/wsuxploit - WSUS
https://github.com/GoSecure/WSuspicious - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
https://github.com/GoSecure/pywsus - WSUS mitm - Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
https://github.com/SySS-Research/Seth - RDP
https://github.com/GoSecure/pyrdp - RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
https://github.com/infobyte/evilgrade - Fake Updates for various Software
https://github.com/samdenty/injectify - web application live recording, keystroke logger
https://github.com/skorov/ridrelay - User Enumeration with SMB Relay Attacks
https://github.com/Kevin-Robertson/Invoke-TheHash
https://github.com/DanMcInerney/net-creds
https://github.com/odedshimon/BruteShark -
https://github.com/lgandx/PCredz
https://github.com/Srinivas11789/PcapXray
https://github.com/outflanknl/RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
https://github.com/threat9/routersploit
https://github.com/nccgroup/autopwn
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/Cn33liz/p0wnedShell
https://github.com/archerysec/archerysec
https://github.com/vulnersCom/nmap-vulners
https://github.com/m4ll0k/AutoNSE - automate nmap with scripting capabilities
https://github.com/v3n0m-Scanner/V3n0M-Scanner
https://github.com/zdresearch/OWASP-Nettacker
https://github.com/ztgrace/changeme
https://github.com/InfosecMatter/default-http-login-hunter - Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
https://github.com/FortyNorthSecurity/EyeWitness
https://github.com/byt3bl33d3r/WitnessMe - screenshot for webservers
https://github.com/Viralmaniar/Passhunt
https://github.com/nccgroup/Winpayloads
https://github.com/Screetsec/TheFatRat
https://github.com/xillwillx/tricky.lnk
https://github.com/trustedsec/unicorn
https://github.com/z0noxz/powerstager
https://github.com/curi0usJack/luckystrike
https://github.com/enigma0x3/Generate-Macro
https://github.com/Cn33liz/JSMeter
https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
https://github.com/Cn33liz/StarFighters
https://github.com/BorjaMerino/Pazuzu
https://github.com/mwrlabs/wePWNise
https://github.com/Mr-Un1k0d3r/UniByAv
https://github.com/govolution/avet
https://github.com/Pepitoh/VBad
https://github.com/mdsecactivebreach/CACTUSTORCH
https://github.com/D4Vinci/Dr0p1t-Framework
https://github.com/g0tmi1k/msfpc
https://github.com/bhdresh/CVE-2017-0199 - Office RCE POC
https://github.com/GreatSCT/GreatSCT
https://github.com/mthbernardes/rsg - reverse shell generator
https://github.com/sevagas/macro_pack
https://github.com/mdsecactivebreach/SharpShooter
https://github.com/hlldz/SpookFlare
https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
https://github.com/paranoidninja/CarbonCopy - Sign an executable for AV-Evasion
https://github.com/peewpw/Invoke-PSImage
https://github.com/Arvanaghi/CheckPlease - Sandbox Evasion techniques
https://github.com/trustedsec/nps_payload
https://github.com/stormshadow07/HackTheWorld
https://github.com/r00t-3xp10it/FakeImageExploiter
https://github.com/nccgroup/demiguise - Encrypted HTA Generation
https://github.com/med0x2e/genxlm
https://github.com/med0x2e/GadgetToJScript
https://github.com/rasta-mouse/GadgetToJScript - Optimized GadgetToJScript version
https://github.com/EgeBalci/sgn - Shikata ga nai (仕方がない) encoder ported into go with several improvements
https://github.com/matterpreter/spotter - Spotter is a tool to wrap payloads in environmentally-keyed, AES256-encrypted launchers.
https://github.com/s0lst1c3/dropengine - Malleable payload generation framework.
https://github.com/gigajew/PowerDropper - Build Powershell Script from .NET Executable
https://github.com/FortyNorthSecurity/EXCELntDonut - Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.
https://github.com/Greenwolf/ntlm_theft - A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
https://github.com/phackt/stager.dll - AES Encrypt payloads
https://github.com/Arno0x/EmbedInHTML - Embed and hide any file in an HTML file
https://github.com/bats3c/darkarmour - AES Encrypt C/C++ Compiled binaries and decrypt at runtime
https://github.com/christophetd/spoofing-office-macro - PoC of a VBA macro spawning a process with a spoofed parent and command line.
https://github.com/infosecn1nja/MaliciousMacroMSBuild - Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
https://github.com/outflanknl/EvilClippy - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
https://github.com/FortyNorthSecurity/EXCELntDonut - Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.
https://github.com/michaelweber/Macrome - Excel Macro Document Reader/Writer for Red Teamers & Analysts
https://github.com/CCob/PwnyForm - PwnyForm will take an MSI installer as input and generate an MSI transform (mst) that can be used to inject arbitrary command execution by adding a custom action that will execute during the UI or Install sequence of an MSI file.
https://github.com/fireeye/OfficePurge - VBA purge your Office documents with OfficePurge. VBA purging removes P-code from module streams within Office documents. Documents that only contain source code and no compiled code are more likely to evade AV detection and YARA rules.
https://github.com/TestingPens/CPLDropper - A Control Panel Applet dropper project. It has a high success rate on engagements since nobody cares about .CPL files and you can just double click them.
https://github.com/FortyNorthSecurity/hot-manchego - Macro-Enabled Excel File Generator (.xlsm) using the EPPlus Library.
https://github.com/TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
https://github.com/rasta-mouse/RuralBishop - D/Invoke port of UrbanBishop
https://github.com/slyd0g/UrbanBishopLocal - A port of FuzzySecurity's UrbanBishop project for inline shellcode execution
https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop - Donut for Shellcode Injection
https://github.com/antonioCoco/Mapping-Injection - Mapping injection is a process injection technique that avoids the usage of common monitored syscall VirtualAllocEx, WriteProcessMemory and CreateRemoteThread.
https://github.com/SolomonSklash/SyscallPOC - Shellcode injection POC using syscalls.
https://github.com/Arno0x/ShellcodeWrapper - Shellcode wrapper with encryption for multiple target languages
https://github.com/Ne0nd0g/go-shellcode - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
https://github.com/djhohnstein/CSharpSetThreadContext - C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread
https://github.com/pwndizzle/c-sharp-memory-injection - A set of scripts that demonstrate how to perform memory injection in C#
https://github.com/jthuraisamy/SysWhispers2 - SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.
https://github.com/knownsec/shellcodeloader - CreateThreadpoolWait, Fiber Load, NtTestAlert Load, SEH Except Load, TLS CallBack Load, Dynamic Load, Dynamic Load plus, Syscall Load, APC-Inject Load, Early Brid APC-Inject Load, NtCreateSection-Inject Load, OEP Hiijack-Inject Load, Thread Hiijack-Inject Load
https://github.com/djhohnstein/ScatterBrain - Suite of Shellcode Running Utilities
https://github.com/D00MFist/Go4aRun - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
https://github.com/sh4hin/GoPurple - Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
https://github.com/C-Sto/BananaPhone - It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)
https://github.com/3xpl01tc0d3r/ProcessInjection - This program is designed to demonstrate various process injection techniques
https://github.com/med0x2e/ExecuteAssembly - Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash)
https://github.com/EgeBalci/amber - Reflective PE packer.
https://github.com/djhohnstein/ScatterBrain - Suite of Shellcode Running Utilities
https://github.com/phra/PEzor - Open-Source PE Packer
https://github.com/CCob/SharpBlock - A method of bypassing EDR's active projection DLL's by preventing entry point execution
https://github.com/bats3c/Ghost-In-The-Logs - Evade sysmon and windows event logging
https://github.com/am0nsec/SharpHellsGate - C# Implementation of the Hell's Gate VX Technique
https://github.com/am0nsec/HellsGate - Original C Implementation of the Hell's Gate VX Technique
https://github.com/3gstudent/Windows-EventLog-Bypass - C++ Version of Invoke-Phantom
https://github.com/Soledge/BlockEtw - .Net Assembly to block ETW telemetry in current process
https://github.com/ionescu007/faxhell - A Bind Shell Using the Fax Service and a DLL Hijack
https://github.com/realoriginal/ppdump-public - Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDump() Shellcode
https://github.com/bats3c/EvtMute - This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging.
https://github.com/hasherezade/exe_to_dll
https://github.com/hasherezade/dll_to_exe
https://github.com/hasherezade/pe_to_shellcode
https://github.com/sensepost/kwetza
https://github.com/aboul3la/Sublist3r
https://github.com/TheRook/subbrute
https://github.com/michenriksen/aquatone
https://github.com/darkoperator/dnsrecon
https://github.com/fwaeytens/dnsenum
https://github.com/s0md3v/Striker + Scanner
https://github.com/leebaird/discover
https://github.com/eldraco/domain_analyzer - more like an audit
https://github.com/caffix/amass - 💗
https://github.com/subfinder/subfinder
https://github.com/TypeError/domained
https://github.com/SilverPoision/Rock-ON
https://github.com/dafthack/PowerMeta
https://github.com/ElevenPaths/FOCA
https://github.com/vesche/scanless
https://github.com/DanMcInerney/pentest-machine
https://github.com/jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
https://github.com/leapsecurity/InSpy
https://github.com/dchrastil/ScrapedIn
https://github.com/SimplySecurity/SimplyEmail
https://github.com/clr2of8/GatherContacts
https://github.com/s0md3v/Zen - Find Emails of Github Users
https://github.com/m8r0wn/CrossLinked - super fast emails via google/bing linkedin dorks
https://github.com/m4ll0k/Infoga
https://github.com/navisecdelta/EmailGen - A simple email generator that uses dorks on Bing to generate emails from LinkedIn Profiles.
https://github.com/megadose/holehe - allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
https://github.com/nyxgeek/o365recon
https://github.com/gremwell/o365enum - Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.
https://github.com/dafthack/MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
https://github.com/sachinkamath/NTLMRecon - Tool to enumerate information from NTLM authentication enabled web endpoints
https://github.com/ustayready/fireprox - rotate IP Adresses over AWS - Combine with MSOLSpray
https://github.com/True-Demon/raindance - office 365 recon
https://github.com/dafthack/MailSniper
https://github.com/sensepost/ruler
https://github.com/Greenwolf/Spray - lockout Time integrated
https://github.com/nyxgeek/lyncsmash - Lync Credential Finder
https://github.com/byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient
https://github.com/mdsecresearch/LyncSniper - Lync Credential Finder
https://github.com/3gstudent/easBrowseSharefile - Use to browse the share file by eas(Exchange Server ActiveSync)
https://github.com/FSecureLABS/peas - PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange.
https://github.com/snovvcrash/peas - Modified version of PEAS client for offensive operations - https://snovvcrash.rocks/2020/08/22/tuning-peas-for-fun-and-profit.html
https://github.com/RedLectroid/OutlookSend - A C# tool to send emails through Outlook from the command line or in memory
https://github.com/nccgroup/Carnivore - Tool for assessing on-premises Microsoft servers authentication such as ADFS, Skype, Exchange, and RDWeb
https://github.com/Airboi/CVE-2020-17144-EXP - Exchange2010 authorized RCE
https://github.com/Ridter/cve-2020-0688 - OWA Deserialisation RCE
https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2020-15505
https://github.com/galkan/crowbar - Brute force non hydra compliant services - RDP, VNC, OpenVPN
https://github.com/1N3/BruteX - Brute Force various services
https://github.com/x90skysn3k/brutespray - 😎
https://github.com/DarkCoderSc/win-brute-logon - Crack any Microsoft Windows users password without any privilege (Guest account included)
https://github.com/lanjelot/patator
https://github.com/dafthack/RDPSpray - RDP Password Spray - No Event Logs
https://github.com/xFreed0m/RDPassSpray - Python3 tool to perform password spraying using RDP
https://github.com/hatlord/snmpwn
https://github.com/sensepost/xrdp
https://github.com/RUB-NDS/PRET
https://github.com/BusesCanFly/PRETty - Automation for PRET
https://github.com/quentinhardy/msdat
https://github.com/quentinhardy/odat
https://github.com/SpiderLabs/ikeforce
https://github.com/m8r0wn/nullinux
https://github.com/airbus-seclab/ilo4_toolbox https://www.exploit-db.com/exploits/44005
https://github.com/guardicore/vmware_vcenter_cve_2020_3952 - Exploit for CVE-2020-3952 in vCenter 6.7
https://github.com/Coalfire-Research/DeathMetal
https://github.com/comaeio/OPCDE
https://github.com/gelim/sap_ms
https://github.com/chipik/SAP_GW_RCE_exploit
Found Port 9001 open? Try that:
https://github.com/hannob/fpmvuln - bash poc scripts to exploit open fpm ports
https://github.com/0xn0ne/weblogicScanner - scan/test for nearly all weblogic vulns
https://github.com/quentinhardy/jndiat - WEblogic Server Tests
https://github.com/kingkaki/weblogic-scan
https://github.com/FlyfishSec/weblogic_rce - cve-2019-2725
https://github.com/SukaraLin/CVE-2019-2890
https://github.com/1337g/CVE-2017-10271
https://github.com/LandGrey/CVE-2018-2894
https://github.com/Y4er/CVE-2020-2551
https://github.com/sensepost/SPartan - Sharepoint Fingerprint + Exploitation
https://github.com/Voulnet/desharialize
https://github.com/noperator/CVE-2019-18935
https://github.com/FortyNorthSecurity/EyeWitness
https://github.com/mubix/solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
https://github.com/n1nj4sec/pupy
https://github.com/nettitude/PoshC2
https://github.com/FortyNorthSecurity/WMImplant
https://github.com/quasar/QuasarRAT
https://github.com/EmpireProject/Empire
https://github.com/zerosum0x0/koadic
https://github.com/Mr-Un1k0d3r/ThunderShell
https://github.com/Ne0nd0g/merlin
https://github.com/Arno0x/WebDavC2
https://github.com/malwaredllc/byob
https://github.com/byt3bl33d3r/SILENTTRINITY
https://github.com/Arno0x/WSC2
https://github.com/BC-SECURITY/Empire - Empire with embedded AMSI-Bypass
https://github.com/cobbr/Covenant
https://github.com/BishopFox/sliver - Implant framework
https://github.com/bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
https://github.com/FSecureLABS/C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp - Open-Source Remote Administration Tool For Windows C# (RAT)
https://github.com/its-a-feature/Mythic
https://github.com/MythicAgents/Apollo
https://github.com/MythicAgents/Nimplant
https://github.com/DeEpinGh0st/Erebus
https://github.com/aleenzz/Cobalt_Strike_wiki
https://github.com/FortyNorthSecurity/C2concealer
https://github.com/invokethreatguy/AggressorCollection
https://github.com/harleyQu1nn/AggressorScripts
https://github.com/mgeeky/cobalt-arsenal - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
https://github.com/AhMyth/AhMyth-Android-RAT
https://github.com/neoneggplant/EggShell
https://github.com/wifiphisher/wifiphisher
https://github.com/P0cL4bs/WiFi-Pumpkin
https://github.com/s0lst1c3/eaphammer
https://github.com/h0nus/RogueSploit
https://github.com/Tylous/SniffAir
https://github.com/FluxionNetwork/fluxion
https://github.com/derv82/wifite2
https://github.com/ICSec/airpwn-ng
https://github.com/xdavidhu/mitmAP
https://github.com/ZerBea/hcxdumptool
https://github.com/faizann24/wifi-bruteforcer-fsecurify
https://github.com/chrisk44/Hijacker
https://github.com/samyk/slipstream - NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website
https://github.com/secgroundzero/warberry
https://github.com/samyk/poisontap
https://github.com/mame82/P4wnP1
https://github.com/mame82/P4wnP1_aloa
https://github.com/pi-hole/pi-hole
https://github.com/carmaa/inception - PCI-based DMA
https://github.com/samratashok/Kautilya
https://github.com/ufrisk/pcileech - PCI based DMA
https://github.com/Screetsec/Brutal - Teensy Payloads
https://github.com/insecurityofthings/jackit
https://github.com/BastilleResearch/mousejack
https://github.com/kgretzky/evilginx
https://github.com/threatexpress/domainhunter
https://github.com/netevert/dnsmorph - lookup valid phishing-Domains
https://github.com/elceef/dnstwist - lookup valid phishing-Domains
https://github.com/quickbreach/SMBetray - Change SMB Files on the fly
https://github.com/SteveLTN/https-portal
https://github.com/ryhanson/phishery
https://github.com/curtbraz/Phishing-API - Comprehensive Web Based Phishing Suite of Tools for Rapid Deployment and Real-Time Alerting!
https://github.com/cisagov/Sparrow - Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
https://github.com/meirwah/awesome-incident-response
https://github.com/CredDefense/CredDefense - Credential and Red Teaming Defense for Windows Environments
https://github.com/PaulSec/awesome-windows-domain-hardening
https://github.com/ernw/hardening
https://github.com/Invoke-IR/Uproot
https://github.com/danielbohannon/Revoke-Obfuscation - powershell obfuscation detection
https://github.com/countercept/python-exe-unpacker - python exe decompile
https://github.com/0xd4d/de4dot - .NET Revoke-Obfuscation
https://github.com/securitywithoutborders/hardentools
https://github.com/x0rz/phishing_catcher
https://github.com/Ben0xA/PowerShellDefense
https://github.com/emposha/PHP-Shell-Detector
https://github.com/LordNoteworthy/al-khaser
https://github.com/Security-Onion-Solutions/security-onion - ids
https://github.com/ptresearch/AttackDetection
https://github.com/MHaggis/hunt-detect-prevent
https://github.com/JPCERTCC/LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
https://github.com/lithnet/ad-password-protection - AD Passwort Blacklisting
https://github.com/R3MRUM/PSDecode - Powershell DE-Obfuscation
https://github.com/denisugarte/PowerDrive - A tool for de-obfuscating PowerShell scripts
https://github.com/matterpreter/DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
https://github.com/rasta-mouse/ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
https://github.com/hegusung/AVSignSeek - Tool written in python3 to determine where the AV signature is located in a binary/payload
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
https://github.com/ION28/BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
https://github.com/hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
https://github.com/hasherezade/pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://github.com/0Kee-Team/WatchAD - AD Security Intrusion Detection System
https://github.com/nsacyber/Mitigating-Web-Shells
https://github.com/redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
https://github.com/danielmiessler/SecLists
https://github.com/berzerk0/Probable-Wordlists
https://github.com/govolution/betterdefaultpasslist
https://github.com/insidetrust/statistically-likely-usernames
https://github.com/LandGrey/pydictor
https://github.com/sc0tfree/mentalist
https://github.com/skahwah/wordsmith
https://github.com/1N3/IntruderPayloads
https://github.com/fuzzdb-project/fuzzdb
https://github.com/Bo0oM/fuzz.txt
https://github.com/laconicwolf/Password-Scripts
https://github.com/FlameOfIgnis/Pwdb-Public - A collection of all the data i could extract from 1 billion leaked credentials from internet.
https://github.com/davidprowe/BadBlood
https://github.com/xoreaxeaxeax/movfuscator
https://github.com/danielbohannon/Invoke-DOSfuscation
https://github.com/unixpickle/gobfuscate - GO Obfuscator
https://github.com/NotPrab/.NET-Obfuscator - Lists of .NET Obfuscator (Free, Trial, Paid and Open Source )
https://github.com/javascript-obfuscator/javascript-obfuscator - Javascript Obfuscator
https://github.com/danielbohannon/Invoke-Obfuscation - Powershell Obfuscator
https://github.com/BinaryScary/NET-Obfuscate - .NET IL Obfuscator
https://github.com/scrt/avcleaner - C/C++ source obfuscator for antivirus bypass
https://github.com/meme/hellscape - GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.
https://github.com/mgeeky/VisualBasicObfuscator - VBS Obfuscator
https://github.com/3xpl01tc0d3r/Obfuscator - Shellcode Obfuscator
https://github.com/EgeBalci/sgn - Shellcode Encoder
https://github.com/Ciphey/Ciphey - Ciphey is an automated decryption tool. Input encrypted text, get the decrypted text back.
https://github.com/Coalfire-Research/npk - A mostly-serverless distributed hash cracking platform
https://github.com/JoelGMSec/Cloudtopolis - Cracking hashes in the Cloud (for free!)
https://github.com/avast/retdec
https://github.com/MobSF/Mobile-Security-Framework-MobSF
https://github.com/mre/awesome-static-analysis
https://github.com/eslint/eslint - Javascript
https://github.com/dpnishant/jsprime - Javascript
https://github.com/phpstan/phpstan - PHP
https://github.com/byt3bl33d3r/OffensiveNim
https://github.com/pentestmonkey/gateway-finder
https://github.com/Cybellum/DoubleAgent
https://github.com/ytisf/theZoo
https://github.com/kbandla/APTnotes
https://github.com/WindowsLies/BlockWindows
https://github.com/secrary/InjectProc
https://github.com/AlsidOfficial/WSUSpendu
https://github.com/SigPloiter/SigPloit
https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist
https://github.com/PowerShell/PowerShell
https://github.com/landhb/HideProcess
https://github.com/meliht/Mr.SIP
https://github.com/XiphosResearch/exploits
https://github.com/jas502n/CVE-2019-13272
https://github.com/fox-it/cve-2019-1040-scanner
https://github.com/worawit/MS17-010
https://github.com/DiabloHorn/yara4pentesters
https://github.com/D4Vinci/Cr3dOv3r
https://github.com/a2u/CVE-2018-7600 - Drupal Exploit
https://github.com/joxeankoret/CVE-2017-7494 - SAMBA Exploit
https://github.com/D4Vinci/One-Lin3r - Reverse Shell Oneliner / Payload Generation
https://github.com/0x00-0x00/ShellPop - Reverse/Bind Shell Generator
https://github.com/Acceis/crypto_identifier
https://github.com/sensepost/UserEnum - check if a user is valid in a domain
https://github.com/LOLBAS-Project/LOLBAS - Living of the Land Binaries
https://github.com/peewpw/Invoke-BSOD - Windows Denial of Service Exploit
https://github.com/mtivadar/windows10_ntfs_crash_dos - Windows Denial of Service Exploit
https://github.com/deepzec/Bad-Pdf PDF Steal NTLMv2 Hash Exploit - CVE-2018-4993
https://github.com/SecureAuthCorp/impacket - 💥 🔥 💥
https://github.com/blacknbunny/libSSH-Authentication-Bypass - LibSSH Authentication Bypass vuln.
https://github.com/OneLogicalMyth/zeroday-powershell - windows Privesc Exploit
https://github.com/smicallef/spiderfoot - OSINT
https://github.com/ShawnDEvans/smbmap
https://github.com/Coalfire-Research/java-deserialization-exploits - Deserialisation Exploits
https://github.com/RhinoSecurityLabs/GCPBucketBrute - S3 bucket tester
https://github.com/khast3x/h8mail
https://github.com/dirkjanm/adidnsdump - Zone transfer like for internal assessment
https://github.com/gquere/pwn_jenkins
https://github.com/JavelinNetworks/IR-Tools - Get-ShellContent.ps1 get the typed content for all open shells
https://github.com/taviso/ctftool - windows CTF Exploitation
https://github.com/jedisct1/dsvpn
https://github.com/GoSecure/dtd-finder
https://github.com/tyranid/DotNetToJScript
https://github.com/cfreal/exploits - Apache Privilege Escalation
https://github.com/adamdriscoll/snek - Execute python from powershell
https://github.com/g0tmi1k/exe2hex
https://github.com/beurtschipper/Depix - Recovers passwords from pixelized screenshots
https://github.com/slaeryan/AQUARMOURY - This is a tool suite consisting of miscellaneous offensive tooling aimed at red teamers/penetration testers to primarily aid in Defense Evasion TA0005
https://github.com/mmozeiko/aes-finder - Utility to find AES keys in running processes
https://github.com/Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
https://github.com/jas502n/CVE-2020-5902
https://github.com/hausec/PowerZure
https://github.com/NetSPI/MicroBurst
https://github.com/dirkjanm/ROADtools - The Azure AD exploration framework.
https://github.com/dafthack/CloudPentestCheatsheets
https://github.com/realgam3/pymultitor
https://github.com/Und3rf10w/kali-anonsurf
https://github.com/GouveaHeitor/nipe
https://github.com/cryptolok/GhostInTheNet
https://github.com/DanMcInerney/elite-proxy-finder
https://github.com/vulnersCom/getsploit
https://github.com/1N3/Findsploit
https://github.com/dark-lbp/isf
https://github.com/klsecservices/s7scan
https://github.com/scipag/nac_bypass
https://github.com/cedowens/Jenkins_Hunter_CSharp
https://github.com/petercunha/jenkins-rce
https://github.com/gquere/pwn_jenkins
https://medium.com/@adamyordan/a-case-study-on-jenkins-rce-c2558654f2ce
https://github.com/mogwailabs/mjet
https://github.com/siberas/sjet
https://github.com/qtc-de/beanshooter - JMX enumeration and attacking tool.
https://github.com/trustedsec/cve-2019-19781
https://github.com/vulnersCom/mikrot8over - Fast exploitation tool for Mikrotik RouterOS up to 6.38.4
https://github.com/obscuritylabs/RAI
https://github.com/Coalfire-Research/Red-Baron - terraform cloud c2 redirector setup
https://github.com/qsecure-labs/overlord - Red Teaming Infrastructure Automation based on Red-Baron
https://github.com/rmikehodges/hideNsneak - This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.
https://github.com/shr3ddersec/Shr3dKit
https://github.com/t94j0/satellite
https://github.com/chenjj/espoofer
https://github.com/n0b0dyCN/redis-rogue-server
https://github.com/Ridter/redis-rce
MSF:
-
scanner/redis/file_upload
-
exploit/linux/redis/redis_replication_cmd_exec
Windows Targets - Webshell upload
redis-cli -h targethost -p targetport
config set dir C:\inetpub\wwwroot\
config set dbfilename shell.aspx
set test "Webshell content"
save
https://github.com/mgeeky/tomcatWarDeployer - Apache Tomcat auto WAR deployment & pwning penetration testing tool.
https://github.com/00theway/Ghostcat-CNVD-2020-10487 - AJP Exploit CVE-2020-1938
https://github.com/Ridter/redis-rce
https://github.com/swisskyrepo/SSRFmap
https://github.com/torque59/Nosql-Exploitation-Framework
https://github.com/Charlie-belmer/nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
https://github.com/luisfontes19/xxexploiter
https://github.com/0xbug/Biu-framework
https://github.com/NickstaDB/BaRMIe
https://github.com/BishopFox/rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
https://github.com/ticarpi/jwt_tool
https://github.com/AbsoZed/DockerPwn.py - automation of Docker TCP socket abuse
https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/CVE%20Exploits/Docker%20API%20RCE.py - Docker API exposed RCE
https://github.com/neex/phuip-fpizdam - nginx + php misconfiguration
https://github.com/mdsecactivebreach/o365-attack-toolkit
https://github.com/ojasookert/CVE-2017-0785
https://github.com/evilsocket/bleah
https://github.com/virtualabs/btlejack
https://github.com/mame82/LOGITacker
https://github.com/TryCatchHCF/DumpsterFire
https://github.com/NextronSystems/APTSimulator
https://github.com/redhuntlabs/RedHunt-OS
https://github.com/guardicore/monkey
https://github.com/k4m4/dcipher-cli
https://github.com/s0md3v/Hash-Buster
https://github.com/initstring/passphrase-wordlist
https://github.com/sailay1996/expl-bin
https://github.com/CyDefUnicorn/OSCP-Archives
https://github.com/antonioCoco/SharPyShell
https://github.com/flozz/p0wny-shell
https://github.com/nil0x42/phpsploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
https://github.com/gellin/bantam - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.
https://github.com/SecurityRiskAdvisors/cmd.jsp
https://github.com/D3VI5H4/Antivirus-Artifacts - List of Hooking DLLs for different AV vendors
https://github.com/PwnDexter/SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/enaqx/awesome-pentest
https://github.com/HarmJ0y/CheatSheets
https://github.com/zhzyker/exphub
https://github.com/vysecurity/RedTips
https://github.com/toolswatch/blackhat-arsenal-tools
https://github.com/jivoi/awesome-osint
https://github.com/qazbnm456/awesome-cve-poc
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/dsasmblr/hacking-online-games
https://github.com/carpedm20/awesome-hacking
https://github.com/rshipp/awesome-malware-analysis
https://github.com/thibmaek/awesome-raspberry-pi
https://github.com/bigb0sss/RedTeam-OffensiveSecurity
https://github.com/vitalysim/Awesome-Hacking-Resources
https://github.com/mre/awesome-static-analysis
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://github.com/infosecn1nja/Red-Teaming-Toolkit
https://github.com/rmusser01/Infosec_Reference
https://github.com/trimstray/the-book-of-secret-knowledge
https://github.com/N7WEra/SharpAllTheThings
https://github.com/3gstudent/Pentest-and-Development-Tips
https://github.com/qazbnm456/awesome-web-security
https://github.com/chryzsh/awesome-windows-security
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
https://github.com/We5ter/Scanners-Box
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
https://github.com/smgorelik/Windows-RCE-exploits
https://github.com/trustedsec/physical-docs
https://github.com/matterpreter/OffensiveCSharp
https://github.com/mgeeky/Penetration-Testing-Tools
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques
https://github.com/netbiosX/Checklists
https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
https://github.com/adon90/pentest_compilation
https://github.com/sailay1996/awesome_windows_logical_bugs
https://github.com/EnableSecurity/awesome-rtc-hacking
https://github.com/api0cradle/UltimateAppLockerByPassList
https://github.com/hahwul/WebHackersWeapons
https://github.com/d0nkeys/redteam
https://github.com/d1pakda5/PowerShell-for-Pentesters