Skip to content
#

pentest

Star

Here are 311 public repositories matching this topic...

Language: Python
Filter by language
All 311 Python 311 Shell 78 Go 40 C 31 JavaScript 22 PowerShell 21 Ruby 21 Java 18 PHP 18 C# 16
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

al0ne / Vxscan

Star

python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。

python tools cdn detection waf fingerprint python3 identification scan-tool pentest portscan port-scanning security-tools directory-scanning poc-scanning website-fingerprint fingerprint-recognition-error
  • Updated Jan 2, 2020
  • Python

sevagas / macro_pack

Star

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

obfuscation macros vba pentest meterpreter msoffice social-engineering redteam
  • Updated May 28, 2021
  • Python

anouarbensaad / vulnx

Star

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

bot crawler hacking exploits vulnerability pentest vulnerability-detection vulnerability-assessment information-gathering security-tools cms-detector cloudflare-detection shell-injection vulnerability-exploit website-vulnerability-scanner wp-scanner auto-exploiter dorks detects-vulnerabilities subdomains-gathering
  • Updated Aug 1, 2021
  • Python

christophetd / CloudFlair

Sponsor Star
Open

Test candidate origin servers on two ports HTTP & HTTPS

1
ELHARAKA
ELHARAKA commented Jan 29, 2020

I have been using this tool for awhile and i noticed 50% of the results are false positive. for i,e after cloudflair dump a list of ip addresses for the site origin server it can't detect which one is working so i after i take those ip addresses i test them manually on the both ports 443 & 80 some they work on 443 port and some they only work at 80 port.

Thank you so much for this amazing tool

Read more
enhancement good first issue

TryCatchHCF / Cloakify

Star

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

security cryptography privacy cipher hacking steganography infosec pentesting pentest hacking-tool exfiltration red-team dlp data-exfiltration security-tools av-evasion pentest-tool stego hacking-tools pentest-tools
  • Updated Nov 24, 2020
  • Python

TryCatchHCF / DumpsterFire

Star

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

security automation hacking infosec pentesting pentest hacking-tool red-team security-tools pentest-tool blue-team hacking-tools red-teams blue-teams pentest-tools
  • Updated May 27, 2020
  • Python
K8CScan

k8gege / K8CScan

Star

K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动

mysql security exploit ftp scanner ipc smb oracle hacking password subdomain wmi poc mssql pentest crack portscan cobalt-strike getshell netscan
  • Updated Dec 25, 2019
  • Python

GoSecure / pyrdp

Star
Open

Session Hijacking - Keep session alive on client disconnect

1
alxbl
alxbl commented Aug 6, 2020

Currently, if an intercepted client disconnects while their session is hijacked, PyRDP will ignore the request for disconnect until the RDP client times out, after which point both connections (client - pyrdp and pyrdp - server) are disconnected. Dropping the hijacked session in the process.

It would be nice and not too complicated to disconnect the client smoothly while keeping the hijacked se

Read more
enhancement good first issue hacktoberfest

Improve this page

Add a description, image, and links to the pentest topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the pentest topic, visit your repo's landing page and select "manage topics."

Learn more