Automatic SQL injection and database takeover tool
-
Updated
Sep 28, 2020 - Python
#
pentesting
Here are 1,365 public repositories matching this topic...
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
windows
linux
awesome
osint
malware
hacking
resources
sql-injection
csrf
awesome-list
pentesting
malware-analysis
bugbounty
kali-linux
hacking-tool
dork
information-gathering
xxe
redteam
osint-resources
-
Updated
Sep 20, 2020
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
android
python
windows
linux
shell
backdoor
reverse-shell
rat
pentesting
post-exploitation
remote-access
payload
mac-os
meterpreter
pupy
reflective-injection
remote-admin-tool
-
Updated
Sep 7, 2020 - Python
Open
Add UUencode decoder
3
SkeletalDemise
commented
Sep 27, 2020
Hey Hackers of this spoopy month!
Welcome to the Ciphey repo(s)!
This issue requires you to add a decoder.
This wiki section walks you through EVERYTHING you need to know, and we've added some more links at the bottom of this issue to detail more about the decoder.
https://github.com/Ciphey/Ciphey/wiki#adding-your-own-crackers--decoders
Web path scanner
python
security
scanner
hacking
bruteforce
penetration-testing
bug-bounty
fuzzing
pentesting
pentest
fuzzer
appsec
dirsearch
dirbuster
scanner-web
-
Updated
Sep 29, 2020 - Python
A collection of open source and commercial tools that aid in red team operations.
-
Updated
Sep 1, 2020
jhertz
commented
Apr 17, 2020
Hi All,
So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:
hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin
I see the following r
A swiss army knife for pentesting networks
-
Updated
Sep 24, 2020 - Python
Automated pentest framework for offensive security experts
dns
osint
scanner
nuke
hacking
subnet
shellshock
vulnerability
pentesting
scans
recon
vulnerabilities
bugbounty
pentest
automated
kali-linux
metasploit
sn1per
sn1per-professional
xerosecurity
-
Updated
Sep 27, 2020 - Shell
bkimminich
commented
Sep 25, 2020
🐛 Bug report
Description
🔬 Minimal Reproduction
NODE_ENV=7ms npm start- Go to http://localhost:3000/#/photo-wall
- Hover over any photo to (not) see the caption in black text on gray-transparent background
Directory/File, DNS and VHost busting tool written in Go
-
Updated
Sep 2, 2020 - Go
An Information Security Reference That Doesn't Suck
windows
linux
osx
reverse-engineering
hacking
forensics
penetration-testing
infosec
pentesting
references
information-security
privilege-escalation
exfiltration
infosec-reference
red-team
blueteam
hacking-simulator
privilege-escalation-exploits
mitre-attack-db
-
Updated
Sep 28, 2020
x72hoor
opened
Aug 5, 2020
This is a multi-use bash script for Linux systems to audit wireless networks.
linux
bash
enterprise
security
hacking
wireless
aircrack
handshake
pentesting
denial-of-service
wps
sslstrip
beef
evil-twin
sniffing
pixie-dust
wep
5ghz
wpa-wpa2
pmkid
-
Updated
Sep 29, 2020 - Shell
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
security
security-audit
scanner
exploits
infosec
pentesting
vulnerability-detection
vulnerability-scanners
vulnerability-assessment
-
Updated
Jan 29, 2020 - Python
Collaborative Penetration Test and Vulnerability Management Platform
security
devops
chatops
security-audit
collaboration
orchestration
nmap
penetration-testing
vulnerability
infosec
pentesting
collaborative
cve
nessus
vulnerability-management
vulnerability-scanners
burpsuite
security-automation
devsecops
continuous-scanning
-
Updated
Sep 10, 2020 - JavaScript
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Sep 29, 2020 - Ruby
Web Pentesting Fuzz 字典,一个就够了。
-
Updated
May 9, 2020 - Python
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
security
awesome
hacking
cheatsheet
penetration-testing
penetration
pentesting
security-vulnerability
information-security
refresher
hacking-tool
oscp5
howto-tutorial
security-tools
oscp
penetration-test
oscp-journey
hacking-code
oscp-tools
cheatsheet-god
-
Updated
Sep 6, 2020
The LAZY script will make your life easier, and of course faster.
shortcut
penetration-testing
shell-script
pentesting
wifiphisher
wpa-cracker
kali-linux
bypass-av
metasploit-framework
payload
pixie-dust
bypass-antivirus
wifi-password
wpa2-handshake
antivirus-evasion
payload-generator
sqlinjection
pentest-tool
wifi-testing
eternalblue-doublepulsar-metasploit
kali-scripts
-
Updated
Sep 19, 2020 - Shell
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
static-analysis
mobile-app
android-application
ios-app
dynamic-analysis
pentesting
reverse-engineers
network-analysis
runtime-analysis
-
Updated
Aug 30, 2020
Wiki to collect Red Team infrastructure hardening resources
-
Updated
Mar 24, 2020
bee-san
commented
Sep 28, 2020
Hello Spoopy Hackers ghost
Welcome to Hacktoberfest
This issue is exclusively for Hacktoberfest! :)
Our contributing guidelines are here:
https://github.com/RustScan/RustScan/wiki/Contributing
What this issue is
Problem
RustScan is designed to be fast. But sometimes we make changes which make RustScan very slow.
Solution
We would like continuous integ
Automated All-in-One OS command injection and exploitation tool.
-
Updated
Sep 28, 2020 - Python
analyserdmz
commented
May 7, 2020
Would be awesome if it would be possible to save the found streams to a M3U file, compatible with VLC. An example template of a valid M3U file is the following:
#EXTM3U
#EXTINF:-1 tvg-id="" tvg-name="" tvg-language="" tvg-logo="" tvg-country="" tvg-url="" group-title="",[IP AND CHANNELID HERE FOR NAME]
rtsp://192.168.0.5/route/to/stream/here
#EXTINF:-1 tvg-id="" tvg-name="" tvg-langua
A high performance offensive security tool for reconnaissance and vulnerability scanning
osint
scanner
hacking
enumeration
fuzzing
pentesting
offensive-security
hacking-tool
security-scanner
vulnerability-assessment
information-gathering
reconnaissance
pentest-tool
vulnerability-scanner
raccoon
-
Updated
Mar 5, 2020 - Python
minanagehsalalma
commented
Mar 16, 2019
so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)
The cheat sheet about Java Deserialization vulnerabilities
-
Updated
Jul 31, 2020
Improve this page
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."
Add 8.7 and 8.8 for android and ios: show how you can delay the attacker or report tampering to the backend as a response to a tamper detected
8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.
8.8: The detection mechanisms trigger responses of different types, includ