Cheatsheets - Penetration Testing/Security Cheatsheets
awesome-pentest - penetration testing resources
Red-Team-Infrastructure-Wiki - Red Team infrastructure hardening resources
Infosec_Reference - Information Security Reference
JettyBleed - Jetty HttpParser Error Remote Memory Disclosure
clusterd - Jboss/Coldfusion/WebLogic/Railo/Tomcat/Axis2/Glassfish
xsser - From XSS to RCE wordpress/joomla
Java-Deserialization-Exploit - weaponizes ysoserial code to gain a remote shell
wordpress-exploit-framework - penetration testing of WordPress
joomlol - Joomla User-Agent/X-Forwarded-For RCE
joomlavs - Joomla vulnerability scanner
mongoaudit - MongoDB auditing and pentesting tool
davscan - Fingerprints servers, finds exploits, scans WebDAV
HandyHeaderHacker - Examine HTTP response headers for common security issues
OpenDoor - OWASP Directory Access scanner
ASH-Keylogger - simple keylogger application for XSS attack
tbhm - The Bug Hunters Methodology
NoSQLMap - Mongo database and NoSQL
backslash-powered-scanner - unknown classes of injection vulnerabilities
BurpSmartBuster - content discovery plugin
ActiveScanPlusPlus - extends Burp Suite's active and passive scanning capabilities
yodo - become root via limited sudo permissions
Pa-th-zuzu - Checks for PATH substitution vulnerabilities
sudo-snooper - acts like the original sudo binary to fool users
RottenPotato - local privilege escalation from service account
UACMe - Windows AutoElevate backdoor
Invoke-LoginPrompt - Invokes a Windows Security Login Prompt
Exploits-Pack - Exploits for getting local root on Linux
windows-privesc-check - Standalone Executable
unix-privesc-check - simple privilege escalation vectors
LinEnum - local Linux Enumeration & Privilege Escalation Checks
cowcron - Cron-based Dirty Cow Exploit
WindowsExploits - Precompiled Windows exploits
Privilege-Escalation - common local exploits and enumeration scripts
Unix-Privilege-Escalation-Exploits-Pack
Sherlock - PowerShell script to quickly find missing software patches
GTFOBins - list of Unix binaries that can be exploited to bypass system security restrictions (GTFOBins.github.io)
eyephish - find similar looking domain names
luckystrike - A PowerShell based utility for the creation of malicious Office macro documents
phishery - Basic Auth Credential Harvester with a Word Document Template URL Injector
ReelPhish - Real-Time Two-Factor Phishing Tool
truffleHog - Searches through git repositories for high entropy strings
github-dorks - reveal sensitive personal and/or organizational information
gitrob - find sensitive information
Bluto - DNS Recon, Email Enumeration
Sublist3r - Fast subdomains enumeration tool for penetration testers
snitch - information gathering via dorks
RTA - scan all company's online facing assets
InSpy - LinkedIn enumeration tool
LinkedInt - LinkedIn scraper for reconnaissance
MailSniper - searching through email in a Microsoft Exchange
Windows-Exploit-Suggester - patch levels against vulnerability database
dnscat2-powershell - A Powershell client for dnscat2, an encrypted DNS command and control tool
lazykatz - extract credentials from remote targets protected with AV
Invoke-Vnc - Powershell VNC injector
spraywmi - mass spraying Unicorn PowerShell injection
redsnarf - for retrieving hashes and credentials from Windows workstations
HostRecon - situational awareness
mimipenguin - login password from the current linux user
rpivot - socks4 reverse proxy for penetration testing
cookie_stealer - steal cookies from firefox cookies database
Wifi-Dumper - dump the wifi profiles and cleartext passwords of the connected access points
WebLogicPasswordDecryptor - decrypt WebLogic passwords
jenkins-decrypt - Credentials dumper for Jenkins
mimikittenz - ReadProcessMemory() in order to extract plain-text passwords
LaZagne - Credentials recovery project
SessionGopher - extract WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop
BrowserGather - Fileless web browser information extraction
windows_sshagent_extract - extract private keys from Windows 10's built in ssh-agent service
Sticky-Keys-Slayer - Scans for accessibility tools backdoors via RDP
DomainPasswordSpray - password spray attack against users of a domain
BloodHound - reveal relationships within an Active Directory
APT2 - An Automated Penetration Testing Toolkit
CredNinja - identify if credentials are valid
EyeWitness - take screenshots of websites
gowitness - a golang, web screenshot utility
PowerUpSQL - PowerShell Toolkit for Attacking SQL Server
sparta - scanning and enumeration
Sn1per - Automated Pentest Recon Scanner
PCredz - This tool extracts creds from a pcap file or from a live interface
ridrelay - Enumerate usernames on a domain where you have no creds
air-hammer - WPA Enterprise horizontal brute-force
mana - toolkit for wifi rogue AP attacks
crEAP - Harvesting Users on Enterprise Wireless Networks
wifiphisher - phishing attacks against Wi-Fi clients
mitmproxy - An interactive TLS-capable intercepting HTTP proxy
MITMf - Framework for Man-In-The-Middle attacks
Gifts/Responder - Responder for old python
shelljack - man-in-the-middle pseudoterminal injection
poisontap - Exploits locked/password protected computers over USB
OverThruster - HID attack payload generator for Arduinos
Paensy - An attacker-oriented library for the Teensy 3.1 microcontroller
Kautilya - Payloads for a Human Interface Device
JavaReverseTCPShell - Spawns a reverse TCP shell in Java
splunk_shells - Splunk with reverse and bind shells
pyshell - shellify Your HTTP Command Injection
RobotsDisallowed - harvest of the Disallowed directories
SecLists - collection of multiple types of lists
Probable-Wordlists - Wordlists sorted by probability
ARCANUS - payload generator/handler.
Winpayloads - Undetectable Windows Payload Generation
weevely3 - Weaponized web shell
fuzzdb - Dictionary of attack patterns
payloads - web attack payloads
HERCULES - payload generator that can bypass antivirus
Insanity-Framework - Generate Payloads
Brosec - An interactive reference tool for payloads
MacroShop - delivering payloads via Office Macros
Demiguise - HTA encryption tool
ClickOnceGenerator - Quick Malicious ClickOnceGenerator
PayloadsAllTheThings - A list of useful payloads
MMeTokenDecrypt - Decrypts and extracts iCloud and MMe authorization tokens
OSXChromeDecrypt - Decrypt Google Chrome and Chromium Passwords on Mac OS X
EggShell - iOS and OS X Surveillance Tool
bonjour-browser - command line tool to browse for Bonjour
logKext - open source keylogger for Mac OS X
OSXAuditor - OS X computer forensics tool
davegrohl - Password Cracker for OS X
chainbreaker - Mac OS X Keychain Forensic Tool
FiveOnceInYourLife - Local osx dialog box phishing
ARD-Inspector - decrypt the Apple Remote Desktop database
keychaindump - reading OS X keychain passwords
Bella - python, post-exploitation, data mining tool
EvilOSX - pure python, post-exploitation, RAT
cpscam - Bypass captive portals by impersonating inactive users
wordsmith - assist with creating tailored wordlists
ObfuscatedEmpire - fork of Empire with Invoke-Obfuscation integrated directly in
obfuscate_launcher - Simple script for obfuscating payload launchers
Invoke-CradleCrafter - Download Cradle Generator & Obfuscator
Invoke-Obfuscation - PowerShell Obfuscator
nps_payload - payloads for basic intrusion detection avoidance