Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

C# 859 103 Updated Nov 11, 2024

dafthack / DomainPasswordSpray

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…

PowerShell 1,855 383 Updated Jul 11, 2024

smicallef / spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Python 13,971 2,394 Updated Dec 15, 2024

lanmaster53 / recon-ng

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Python 4,495 702 Updated Nov 1, 2024

Kevin-Robertson / Invoke-TheHash

PowerShell Pass The Hash Utils

PowerShell 1,556 305 Updated Dec 9, 2018

Tallguy297 / SimpleHTTPServerWithUpload

Simple HTTP Server With Upload written in Python 3

Python 136 60 Updated Aug 15, 2023

epi052 / feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Rust 6,329 522 Updated Mar 20, 2025

EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Python 5,566 955 Updated Dec 31, 2024

sullo / nikto

Nikto web server scanner

Perl 9,048 1,291 Updated Feb 22, 2025

quentinhardy / odat

ODAT: Oracle Database Attacking Tool

Python 1,651 350 Updated Jul 27, 2024

GhostPack / Seatbelt

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

C# 3,992 714 Updated Jan 10, 2025

urbanadventurer / WhatWeb

Next generation web scanner

Ruby 5,779 929 Updated Jul 16, 2024

juliocesarfort / public-pentesting-reports

A list of public penetration test reports published by several consulting firms and academic security groups.

HTML 8,745 1,993 Updated Jun 6, 2024

pwndoc / pwndoc

Pentest Report Generator

JavaScript 2,436 448 Updated Mar 4, 2025

tmux-plugins / tpm

Tmux Plugin Manager

Shell 12,849 449 Updated Aug 5, 2024

blacklanternsecurity / writehat

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

Python 1,360 235 Updated Dec 18, 2024

clr2of8 / DPAT

Domain Password Audit Tool for Pentesters

Python 945 156 Updated Jun 24, 2022

SpiderLabs / Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Python 4,623 1,710 Updated Jun 15, 2020

tmux-plugins / tmux-logging

Easy logging and screen capturing for Tmux.

Shell 1,089 118 Updated May 18, 2024

rasta-mouse / Sherlock

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

PowerShell 1,931 424 Updated Oct 10, 2018

haseebT / mRemoteNG-Decrypt

Python script to decrypt passwords stored by mRemoteNG

Python 145 42 Updated Jul 6, 2023

nmap / npcap

Nmap Project's Windows packet capture and transmission library

C 3,135 537 Updated Feb 26, 2025

S3cur3Th1sSh1t / WinPwn

Automation for internal Windows Penetrationtest / AD-Security

PowerShell 3,440 535 Updated Nov 26, 2024

rootm0s / WinPwnage

UAC bypass, Elevate, Persistence methods

Python 2,660 385 Updated Feb 13, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

C0tt0n-P4ws

Block or report C0tt0n-P4ws

Lists (3)

Note!

OSINT

Pentest

Stars

flozz / p0wny-shell

epinna / weevely3

antonioCoco / ConPtyShell

api0cradle / UltimateAppLockerByPassList

mdbtools / mdbtools

SpecterOps / BloodHound

eladshamir / Whisker