#

pentest

Here are 561 public repositories matching this topic...

PayloadsAllTheThings

swisskyrepo / PayloadsAllTheThings

Star

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Updated Sep 27, 2020
Python

SecWiki / windows-kernel-exploits

Star

windows-kernel-exploits Windows平台提权漏洞集合

windows kernel exploit tool collections pentest

Updated Jul 12, 2020
C

maurosoria / dirsearch

Star

Web path scanner

python security scanner hacking bruteforce penetration-testing bug-bounty fuzzing pentesting pentest fuzzer appsec dirsearch dirbuster scanner-web

Updated Sep 28, 2020
Python

vanhauser-thc / thc-hydra

Star

Open

Hydra not decoding ^USER^ and ^PASS^ when passed as HTTP Headers

5

jhertz commented Apr 17, 2020

Hi All,

So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:

hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin

I see the following r

Read more

enhancement good first issue help wanted

Open

Feature Request - use pkgconfig to detect build dependencies

5

sundowndev / hacker-roadmap

Star

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

roadmap hacking penetration-testing post-exploitation vulnerabilities pentest exploitation hacking-tool frameworks information-gathering web-hacking hacktools

Updated Apr 12, 2020

1N3 / Sn1per

Star

Automated pentest framework for offensive security experts

Updated Sep 27, 2020
Shell

nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

Star

A list of resources for those interested in getting started in bug bounties

education hackers hacking xss bug-bounty web-security pentest ssrf bug-bounty-hunters learn2hack

Updated Sep 17, 2020

SecWiki / linux-kernel-exploits

Star

linux-kernel-exploits Linux平台提权漏洞集合

linux awesome collection kernel exploit tool pentest

Updated Jul 13, 2020
C

k8gege / K8tools

Star

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

database apt exploit scanner hacking password poc brute-force pentest bypass crack privilege-escalation 0day getshell netscan rar-mysql

Updated Sep 18, 2020
PowerShell

onlurking / awesome-infosec

Star

A curated list of awesome infosec courses and training resources.

security awesome lab penetration-testing courses infosec pentest security-professionals

Updated May 14, 2020

objection

sensepost / objection

Star

📱 objection - runtime mobile exploration

android security ios mobile framework instrumentation pentest frida

Updated Sep 24, 2020
Python

urbanadventurer / WhatWeb

Star

Next generation web scanner

Updated Sep 21, 2020
Ruby

foospidy / payloads

Star

Git All the Payloads! A collection of web attack payloads.

hacking xss cybersecurity sqli passwords pentest appsec payload payloads web-attack-payloads

Updated Jul 19, 2020
Shell

nixawk / pentest-wiki

Star

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

security hacking pentest

Updated Sep 22, 2020
Python

lanjelot / patator

Star

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

brute-force pentest

Updated Jul 26, 2020
Python

coreb1t / awesome-pentest-cheat-sheets

Star

Collection of the cheat sheets useful for pentesting

security awesome cheatsheet penetration-testing pentest security-cheat-sheets pentest-cheat-sheets

Updated Aug 30, 2020

k8gege / Ladon

Star

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、Netbios、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

security tools hack exploit scanner hacking password poc brute-force pentest portscan security-scanner exp security-tools ladon ipscanner getshell netscan

Updated Sep 15, 2020
C#

evilcos / xssor2

Star

XSS'OR - Hack with JavaScript.

encoding hack xss probe csrf pentest hacking-tool pentest-tool

Updated Aug 19, 2020
JavaScript

UndeadSec / SocialFish

Star

Open

is it possible to make it check the entered password ?

3

minanagehsalalma commented Mar 16, 2019

so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)

Read more

enhancement good first issue help wanted

LandGrey / pydictor

Star

A powerful and useful hacker dictionary builder for a brute-force attack

password-generator bruteforce wordlist brute-force weak-passwords dictionary-attack pentest wordlist-generator password-cracker hackertools social-engineering-attacks bruteforce-password-cracker password-wordlist hacker-dictionary-builder

Updated Sep 14, 2020
Python

cujanovic / SSRF-Testing

Star

SSRF (Server Side Request Forgery) testing resources

pentesting pentest ssrf pentest-tool server-side-request-forgery

Updated Sep 5, 2020
Python

rewardone / OSCPRepo

Star

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

penetration-testing pentest oscp reconscan

Updated Jun 22, 2020
C

evil-winrm

Hackplayers / evil-winrm

Star

The ultimate WinRM shell for hacking/pentesting

ruby shell docker powershell pentesting-windows hacking kerberos pentesting winrm pentest pass-the-hash remote-management win-rm evil-winrm psrp

Updated Jun 20, 2020
Ruby

owtf / owtf

Star

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

python linux security nist framework passive mozilla traffic owasp pentest impact kali-linux owtf semi-passive web-application-security

Updated Sep 7, 2020
Python

tom0li / collection-document

Star

Collection of quality safety articles

Updated Sep 27, 2020

0x00-0x00 / ShellPop

Star

Pop shells like a master.

shell remote hacking reverse bind pentest pop-shells

Updated Apr 2, 2019
Python

swisskyrepo / SSRFmap

Star

Automatic SSRF fuzzer and exploitation tool

vulnerability ctf pentest exploitation ssrf server-side-request-forgery ssrfmap

Updated Jan 28, 2020
Python

al0ne / Vxscan

Star

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

python tools cdn detection waf fingerprint python3 identification scan-tool pentest portscan port-scanning security-tools directory-scanning poc-scanning website-fingerprint fingerprint-recognition-error

Updated Jan 2, 2020
Python

pentest-guide

Voorivex / pentest-guide

Star

Penetration tests guide based on OWASP including test cases, resources and examples.

penetration-testing vulnerability bugbounty pentest bypass payload writeup owasp-tests

Updated Sep 23, 2020

m0rtem / CloudFail

Star

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

database scanner tor bruteforce python3 cloudflare ip pentesting recon pentest cloudflare-ip

Updated Jul 31, 2020
Python

Improve this page

Add a description, image, and links to the pentest topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the pentest topic, visit your repo's landing page and select "manage topics."

You can’t perform that action at this time.