#

pentest

Here are 610 public repositories matching this topic...

PayloadsAllTheThings

swisskyrepo / PayloadsAllTheThings

Star

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

security hacking web-application cheatsheet enumeration penetration-testing bounty vulnerability methodology bugbounty pentest bypass payload payloads hacktoberfest privilege-escalation redteam

Updated Dec 26, 2020
Python

nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

Star

A list of resources for those interested in getting started in bug bounties

education hackers hacking xss bug-bounty web-security pentest ssrf bug-bounty-hunters learn2hack

Updated Dec 5, 2020

SecWiki / windows-kernel-exploits

Star

windows-kernel-exploits Windows平台提权漏洞集合

windows kernel exploit tool collections pentest

Updated Jul 12, 2020
C

sundowndev / hacker-roadmap

Star

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

roadmap hacking penetration-testing post-exploitation vulnerabilities pentest exploitation hacking-tool frameworks information-gathering web-hacking hacktools

Updated Oct 19, 2020

vanhauser-thc / thc-hydra

Star

Open

Hydra not decoding ^USER^ and ^PASS^ when passed as HTTP Headers

6

jhertz commented Apr 17, 2020

Hi All,

So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:

hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin

I see the following r

Read more

enhancement good first issue help wanted

Open

Unknown GET Requests

2

Open

Feature Request - use pkgconfig to detect build dependencies

5

Sn1per

1N3 / Sn1per

Star

Automated pentest framework for offensive security experts

Updated Dec 28, 2020
Shell

SecWiki / linux-kernel-exploits

Star

linux-kernel-exploits Linux平台提权漏洞集合

linux awesome collection kernel exploit tool pentest

Updated Jul 13, 2020
C

k8gege / K8tools

Star

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

database apt exploit scanner hacking password poc brute-force pentest bypass crack privilege-escalation 0day getshell netscan rar-mysql

Updated Dec 30, 2020
PowerShell

objection

sensepost / objection

Star

📱 objection - runtime mobile exploration

android security ios mobile framework instrumentation pentest frida

Updated Dec 21, 2020
Python

onlurking / awesome-infosec

Star

A curated list of awesome infosec courses and training resources.

security awesome lab penetration-testing courses infosec pentest security-professionals

Updated Oct 1, 2020

urbanadventurer / WhatWeb

Star

Next generation web scanner

Updated Dec 14, 2020
Ruby

foospidy / payloads

Star

Git All the Payloads! A collection of web attack payloads.

hacking xss cybersecurity sqli passwords pentest appsec payload payloads web-attack-payloads

Updated Jul 19, 2020
Shell

lanjelot / patator

Star

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

brute-force pentest

Updated Dec 23, 2020
Python

nixawk / pentest-wiki

Star

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

security hacking pentest

Updated Oct 27, 2020
Python

coreb1t / awesome-pentest-cheat-sheets

Star

Collection of the cheat sheets useful for pentesting

security awesome cheatsheet penetration-testing pentest security-cheat-sheets pentest-cheat-sheets

Updated Aug 30, 2020

k8gege / Ladon

Star

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

security tools hack exploit scanner hacking password poc brute-force pentest portscan security-scanner exp security-tools ladon ipscanner getshell netscan

Updated Dec 30, 2020
C#

UndeadSec / SocialFish

Star

Open

is it possible to make it check the entered password ?

5

minanagehsalalma commented Mar 16, 2019

so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)

Read more

enhancement good first issue help wanted

evilcos / xssor2

Star

XSS'OR - Hack with JavaScript.

encoding hack xss probe csrf pentest hacking-tool pentest-tool

Updated Aug 19, 2020
JavaScript

evil-winrm

Hackplayers / evil-winrm

Star

The ultimate WinRM shell for hacking/pentesting

ruby shell docker powershell pentesting-windows hacking kerberos pentesting winrm pentest pass-the-hash remote-management win-rm evil-winrm psrp

Updated Jun 20, 2020
Ruby

rewardone / OSCPRepo

Star

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

penetration-testing pentest oscp reconscan

Updated Jun 22, 2020
C

cujanovic / SSRF-Testing

Star

SSRF (Server Side Request Forgery) testing resources

pentesting pentest ssrf pentest-tool server-side-request-forgery

Updated Sep 5, 2020
Python

social-analyzer

qeeqbox / social-analyzer

Star

API and Web App for analyzing & finding a person profile across 300+ social media websites (Detections are updated regularly)

nodejs profile social-media osint analyzer username pentest reconnaissance soical string-analysis

Updated Jan 1, 2021
JavaScript

owtf / owtf

Star

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

python linux security nist framework passive mozilla traffic owasp pentest impact kali-linux owtf semi-passive web-application-security

Updated Dec 29, 2020
Python

tom0li / collection-document

Star

Collection of quality safety articles

Updated Dec 31, 2020

swisskyrepo / SSRFmap

Star

Automatic SSRF fuzzer and exploitation tool

vulnerability ctf pentest exploitation hacktoberfest ssrf server-side-request-forgery ssrfmap

Updated Oct 6, 2020
Python

0x00-0x00 / ShellPop

Star

Pop shells like a master.

shell remote hacking reverse bind pentest pop-shells

Updated Apr 2, 2019
Python

awesome-nodejs-security

lirantal / awesome-nodejs-security

Star

Awesome Node.js Security resources

nodejs security owasp cybersecurity infosec web-security vulnerabilities pentest

Updated Dec 16, 2020
JavaScript

iSafeBlue / TrackRay

Star

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

vulnerability pentest

Updated Jul 1, 2020
Java

pentest-guide

Voorivex / pentest-guide

Star

Penetration tests guide based on OWASP including test cases, resources and examples.

penetration-testing vulnerability bugbounty pentest bypass payload writeup owasp-tests

Updated Nov 30, 2020

m0rtem / CloudFail

Star

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

database scanner tor bruteforce python3 cloudflare ip pentesting recon pentest cloudflare-ip

Updated Dec 18, 2020
Python

Improve this page

Add a description, image, and links to the pentest topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the pentest topic, visit your repo's landing page and select "manage topics."

You can’t perform that action at this time.