General:
Cheatsheets - Penetration Testing/Security Cheatsheets - https://github.com/liorvh/Cheatsheets-1
awesome-pentest - penetration testing resources - https://github.com/Hack-with-Github/Awesome-Hacking
Red-Team-Infrastructure-Wiki - Red Team infrastructure hardening resources - https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
Infosec_Reference - Information Security Reference - https://github.com/rmusser01/Infosec_Reference
Awesome-Red-Teaming - List of Awesome Red Teaming Resources - https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
awesome-windows-security - List of Awesome Windows Security Resources - https://github.com/chryzsh/awesome-windows-security
Web Services:
JettyBleed - Jetty HttpParser Error Remote Memory Disclosure - https://github.com/AppSecConsulting/Pentest-Tools
clusterd - Jboss/Coldfusion/WebLogic/Railo/Tomcat/Axis2/Glassfish - https://github.com/hatRiot/clusterd
xsser - From XSS to RCE wordpress/joomla - https://github.com/Varbaek/xsser
Java-Deserialization-Exploit - weaponizes ysoserial code to gain a remote shell - https://github.com/njfox/Java-Deserialization-Exploit
CMSmap - CMS scanner - https://github.com/Dionach/CMSmap
wordpress-exploit-framework - penetration testing of WordPress - https://github.com/rastating/wordpress-exploit-framework
joomlol - Joomla User-Agent/X-Forwarded-For RCE - https://github.com/compoterhacker/joomlol
joomlavs - Joomla vulnerability scanner - https://github.com/rastating/joomlavs
mongoaudit - MongoDB auditing and pentesting tool - https://github.com/stampery/mongoaudit
davscan - Fingerprints servers, finds exploits, scans WebDAV - https://github.com/Graph-X/davscan
Web Applications:
HandyHeaderHacker - Examine HTTP response headers for common security issues - https://github.com/vpnguy/HandyHeaderHacker
OpenDoor - OWASP Directory Access scanner - https://github.com/stanislav-web/OpenDoor
ASH-Keylogger - simple keylogger application for XSS attack - https://github.com/AnonymousSecurityHackers/ASH-Keylogger
tbhm - The Bug Hunters Methodology - https://github.com/jhaddix/tbhm
commix - command injection - https://github.com/commixproject/commix
NoSQLMap - Mongo database and NoSQL - https://github.com/tcstool/NoSQLMap
xsshunter - Second order XSS - https://github.com/mandatoryprogrammer/xsshunter
LinkFinder - python script that finds endpoints in JavaScript files - https://github.com/GerbenJavado/LinkFinder
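The header checks that tools like HandyHeaderHacker automate are easy to reason about once written out. The following is an added example, not code from HandyHeaderHacker or any other listed project: it parses a raw HTTP response and reports the findings a reviewer would raise (HSTS lifetime, CSP script-src allowing inline script, missing framing protection, missing nosniff, cookie flags, and version disclosure in Server). Both responses are constructed for the example; the one-year HSTS floor and the exact set of checks are this example's choices.

```python
import re
from typing import List, Tuple

# Constructed sample responses (not captured from any real host): the first is weak
# in several places, the second is the hardened version of the same response.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n"
    "\r\n"
    "<html>...</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

ONE_YEAR = 31536000  # seconds; the usual minimum recommended HSTS max-age


def parse_headers(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP response into (status line, [(lower-cased name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def values(headers: List[Tuple[str, str]], name: str) -> List[str]:
    """All values of a (possibly repeated) header, e.g. every Set-Cookie."""
    return [v for n, v in headers if n == name]


def check_headers(raw: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    _, headers = parse_headers(raw)
    issues: List[str] = []

    hsts = values(headers, "strict-transport-security")
    if not hsts:
        issues.append("HSTS missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            issues.append("HSTS max-age below one year")

    csp = values(headers, "content-security-policy")
    directives = {}
    if not csp:
        issues.append("CSP missing")
    else:
        for d in csp[0].split(";"):
            parts = d.split()
            if parts:
                directives[parts[0]] = parts[1:]
        # script-src falls back to default-src when absent
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            issues.append("CSP script-src allows 'unsafe-inline'")
    if "frame-ancestors" not in directives and not values(headers, "x-frame-options"):
        issues.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")

    if not any(v.lower() == "nosniff" for v in values(headers, "x-content-type-options")):
        issues.append("X-Content-Type-Options: nosniff missing")

    for cookie in values(headers, "set-cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        if missing:
            issues.append(f"cookie '{name}' missing {', '.join(missing)}")

    for server in values(headers, "server"):
        if re.search(r"\d+\.\d+", server):
            issues.append(f"Server header discloses version: {server}")
    return issues


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, check_headers(resp) or ["no findings"])
```

Feed it the raw response from `curl -si` or a proxy capture. The cookie check is deliberately per-cookie: a site often hardens its CSRF cookie and forgets the session cookie, which is the one that matters.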
Local privilege escalation:
yodo - become root via limited sudo permissions - https://github.com/b3rito/yodo
Pa-th-zuzu - Checks for PATH substitution vulnerabilities - https://github.com/ShotokanZH/Pa-th-zuzu
sudo-snooper - acts like the original sudo binary to fool users - https://github.com/xorond/sudo-snooper
RottenPotato - local privilege escalation from service account - https://github.com/foxglovesec/RottenPotato
UACMe - Windows AutoElevate backdoor - https://github.com/hfiref0x/UACME
Invoke-LoginPrompt - Invokes a Windows Security Login Prompt - https://github.com/enigma0x3/Invoke-LoginPrompt
Exploits-Pack - Exploits for getting local root on Linux - https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack
windows-privesc-check - Standalone Executable - https://github.com/pentestmonkey/windows-privesc-check
unix-privesc-check - simple privilege escalation vectors - https://github.com/pentestmonkey/unix-privesc-check
LinEnum - local Linux Enumeration & Privilege Escalation Checks - https://github.com/rebootuser/LinEnum
cowcron - Cronbased Dirty Cow Exploit - https://github.com/securifera/cowcron
WindowsExploits - Precompiled Windows exploits - https://github.com/abatchy17/WindowsExploits
Privilege-Escalation - common local exploits and enumeration scripts - https://github.com/AusJock/Privilege-Escalation
Unix-Privilege-Escalation-Exploits-Pack - https://github.com/LukaSikic/Unix-Privilege-Escalation-Exploits-Pack
Sherlock - PowerShell script to quickly find missing software patches - https://github.com/rasta-mouse/Sherlock
GTFOBins - list of Unix binaries that can be exploited to bypass system security restrictions - https://github.com/GTFOBins/GTFOBins.github.io
juicy-potato - local privilege escalation from service account - https://github.com/ohpe/juicy-potato
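The PATH-substitution class that Pa-th-zuzu checks for comes down to one rule: a privileged job that invokes a command by bare name is hijackable if any directory searched before the real binary is writable by the attacker, is relative, or is empty (an empty PATH element means the current directory). The following is an added example rather than Pa-th-zuzu's own code; the filesystem, writable directories and cron script are constructed fixtures, and the two predicates would be `os.path.isfile` and `os.access(d, os.W_OK)` on a real host.

```python
import os
import shlex
from typing import Callable, Dict, Optional

# Constructed fixture standing in for the target filesystem (hypothetical paths).
EXISTING_FILES = {"/usr/bin/tar", "/bin/tar", "/usr/bin/cat", "/bin/ls", "/usr/bin/logger"}
WRITABLE_DIRS = {"/tmp", "/home/bob/bin"}      # directories the low-privileged user can write to

# Commands a POSIX shell resolves internally, so PATH never comes into play for them.
SHELL_BUILTINS = {"cd", "export", "set", "exit", "if", "then", "else", "fi",
                  "for", "do", "done", "echo", "[", "test", "read", "trap", "umask"}

# A cron job or sudo-invoked script with one unqualified command (constructed).
CRON_SCRIPT = """#!/bin/sh
cd /var/backups
tar czf backup.tgz /etc
/usr/bin/logger "backup done"
"""


def file_exists(path: str) -> bool:
    return path in EXISTING_FILES


def dir_writable(directory: str) -> bool:
    return directory in WRITABLE_DIRS


def hijackable(cmd: str, path: str,
               writable: Callable[[str], bool] = dir_writable,
               exists: Callable[[str], bool] = file_exists) -> Optional[str]:
    """Walk PATH in execvp order and return the first attacker-controlled directory
    that is searched before the legitimate binary, or None if the real binary wins."""
    for entry in path.split(":"):
        directory = entry or "."             # an empty element means the current directory
        if not os.path.isabs(directory) or writable(directory):
            return directory                  # attacker can plant or overwrite cmd here
        if exists(os.path.join(directory, cmd)):
            return None                       # real binary is found first: safe
    return None                               # cmd never resolves; the job would just fail


def audit_script(script: str, path: str,
                 writable: Callable[[str], bool] = dir_writable,
                 exists: Callable[[str], bool] = file_exists) -> Dict[str, str]:
    """Map each unqualified command in the script to the directory it can be hijacked from."""
    findings: Dict[str, str] = {}
    for line in script.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue                          # unbalanced quotes: skip the line
        if not tokens:
            continue
        cmd = tokens[0]
        if "/" in cmd or cmd in SHELL_BUILTINS:
            continue                          # explicit path or builtin: not resolved via PATH
        hit = hijackable(cmd, path, writable, exists)
        if hit is not None:
            findings[cmd] = hit
    return findings


if __name__ == "__main__":
    print(audit_script(CRON_SCRIPT, "/tmp:/usr/bin:/bin"))   # {'tar': '/tmp'}
    print(audit_script(CRON_SCRIPT, "/usr/bin:/bin"))        # {}
```

The PATH to test is the one the privileged job actually runs with, not your shell's: cron supplies its own minimal PATH, sudo replaces it with `secure_path` when that option is set, and a script may `export PATH=...` itself. A writable directory anywhere before the real binary is the finding; a writable directory after it is not.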
Phishing:
eyephish - find similar looking domain names - https://github.com/phar/eyephish
phishery - Basic Auth Credential Harvester with a Word Document Template URL Injector - https://github.com/ryhanson/phishery
WordSteal - steal NTLM hashes - https://github.com/0x090x0/WordSteal
ReelPhish - Real-Time Two-Factor Phishing Tool - https://github.com/fireeye/ReelPhish
CredSniper - phishing framework (2FA) - https://github.com/ustayready/CredSniper
evilginx2 - for phishing login credentials along with session cookies - https://github.com/kgretzky/evilginx2
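Lookalike-domain generation of the kind eyephish does is a small enumeration problem: take the registrable label and produce every candidate one visual or typing error away. The following is an added example, not eyephish's code: it generates homoglyph swaps, omissions, adjacent transpositions, doubled characters and sibling TLDs, and then filters a feed of newly observed domains (certificate transparency, passive DNS) down to the ones that match. The confusables table and the TLD list are illustrative choices, and the input is assumed to be a single label plus a single-label TLD.

```python
from typing import Iterable, List, Set

# ASCII confusables as a human glances at them; this table is illustrative, not exhaustive.
HOMOGLYPHS = {
    "m": ("rn", "nn"), "rn": ("m",),
    "l": ("1", "i"), "i": ("l", "1"), "1": ("l",),
    "o": ("0",), "0": ("o",),
    "e": ("3",), "a": ("4",),
    "w": ("vv",), "vv": ("w",),
    "d": ("cl",), "cl": ("d",),
}
ALT_TLDS = ("co", "cm", "net", "org")   # TLDs commonly registered against a .com target


def homoglyph_swaps(label: str) -> Set[str]:
    """One substitution per candidate: example -> exarnple, examp1e, 3xample, ..."""
    out: Set[str] = set()
    for i in range(len(label)):
        for src, reps in HOMOGLYPHS.items():
            if label.startswith(src, i):
                for rep in reps:
                    out.add(label[:i] + rep + label[i + len(src):])
    return out


def omissions(label: str) -> Set[str]:
    """Drop one character: example -> exaple."""
    return {label[:i] + label[i + 1:] for i in range(len(label))} if len(label) > 1 else set()


def transpositions(label: str) -> Set[str]:
    """Swap two adjacent characters: example -> exmaple."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1) if label[i] != label[i + 1]}


def repetitions(label: str) -> Set[str]:
    """Double one character: example -> examplee."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def lookalikes(domain: str, alt_tlds: Iterable[str] = ALT_TLDS) -> Set[str]:
    """All candidate domains one edit away from `domain` (assumed to be label.tld)."""
    label, tld = domain.lower().rsplit(".", 1)
    labels: Set[str] = set()
    for gen in (homoglyph_swaps, omissions, transpositions, repetitions):
        labels |= gen(label)
    labels.discard(label)
    candidates = {f"{l}.{tld}" for l in labels}
    candidates |= {f"{label}.{alt}" for alt in alt_tlds if alt != tld}
    return candidates


def flag_observed(domain: str, observed: Iterable[str]) -> List[str]:
    """Filter a feed of newly seen domains (CT logs, passive DNS) down to the lookalikes."""
    suspicious = lookalikes(domain)
    seen = {o.lower().rstrip(".") for o in observed}
    return sorted(d for d in seen if d in suspicious)


if __name__ == "__main__":
    # Constructed feed, not real registrations.
    feed = ["google.com", "exarnple.com", "examplee.com", "example.co", "ExAmp1e.COM"]
    print(flag_observed("example.com", feed))
```

The same generator serves both sides: a red team registers from the candidate set, a blue team watches for registrations in it. Unicode confusables (Cyrillic а, о, е rendered as IDN) are a separate, larger table and are left out here.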
Open Source Intelligence:
truffleHog - Searches through git repositories for high entropy strings - https://github.com/dxa4481/truffleHog
Altdns - Subdomain discovery - https://github.com/infosec-au/altdns
github-dorks - reveal sensitive personal and/or organizational information - https://github.com/techgaun/github-dorks
gitrob - find sensitive information - https://github.com/michenriksen/gitrob
Bluto - DNS Recon , Email Enumeration - https://github.com/darryllane/Bluto
SimplyEmail - Email recon - https://github.com/killswitch-GUI/SimplyEmail
Sublist3r - Fast subdomains enumeration tool for penetration testers - https://github.com/aboul3la/Sublist3r
snitch - information gathering via dorks - https://github.com/Smaash/snitch
RTA - scan all company's online facing assets - https://github.com/flipkart-incubator/RTA
InSpy - LinkedIn enumeration tool - https://github.com/gojhonny/InSpy
LinkedInt - LinkedIn scraper for reconnaissance - https://github.com/mdsecactivebreach/LinkedInt
amass - In-Depth DNS Enumeration and Network Mapping - https://github.com/caffix/amass
DVCS-Pillage - Pillage web accessible GIT, HG and BZR repositories - https://github.com/evilpacket/DVCS-Pillage
UhOh365 - Script that can see if an email address is valid in Office365 - https://github.com/Raikia/UhOh365
o365spray - Username enumeration and password spraying tool - https://github.com/0xZDH/o365spray
raven - Linkedin information gathering tool - https://github.com/0x09AL/raven
patator - multi-purpose brute-forcer - https://github.com/lanjelot/patator
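The "high entropy strings" that truffleHog looks for in git history are runs of base64 or hex characters whose Shannon entropy is too high to be prose or an identifier. The following is an added example and not truffleHog's code: it scans text line by line, classifies each long token as hex or base64, applies a per-alphabet entropy cutoff (4.5 bits for base64, 3.0 for hex, the cutoffs early truffleHog releases used), and adds one pattern rule for the case entropy misses. The diff is constructed; the AWS values are the placeholder credentials from AWS's own documentation, and the hex digest is SHA-256 of the empty string.

```python
import math
import re
from typing import Dict, List

# Runs of base64 or hex characters long enough to be a credential; '=' padding only at the end.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")
HEX_CHARS = set("0123456789abcdefABCDEF")
# Bits-per-character cutoffs: hex has a 16-symbol alphabet (max 4 bits), base64 a
# 64-symbol one (max 6 bits). Same values early truffleHog releases used.
ENTROPY_THRESHOLDS = {"hex": 3.0, "base64": 4.5}
# Structured credentials that are too short or too regular to trip the entropy check.
PATTERN_RULES = {"aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}

# Constructed diff (not from any real repository).
SAMPLE_DIFF = """\
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+# sha256 of the release tarball
+RELEASE_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+LOREM=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+URL=https://example.com/static/app.min.js
"""


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character over the characters actually present."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify(token: str) -> str:
    return "hex" if set(token) <= HEX_CHARS else "base64"


def scan_text(text: str) -> List[Dict]:
    """Return one finding per suspicious token: line number, kind, entropy and the token."""
    findings: List[Dict] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        reported = set()
        for name, rx in PATTERN_RULES.items():
            for m in rx.finditer(line):
                reported.add(m.group())
                findings.append({"line": lineno, "kind": "pattern:" + name,
                                 "entropy": round(shannon_entropy(m.group()), 2),
                                 "token": m.group()})
        for m in TOKEN_RE.finditer(line):
            token = m.group()
            if token in reported:
                continue
            kind = classify(token)
            entropy = shannon_entropy(token)
            if entropy > ENTROPY_THRESHOLDS[kind]:
                findings.append({"line": lineno, "kind": kind,
                                 "entropy": round(entropy, 2), "token": token})
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_DIFF):
        print(f"line {f['line']}: {f['kind']} (H={f['entropy']}) {f['token']}")
```

Two things the sample makes visible: the 20-character AWS access key ID scores about 3.7 bits per character and slips under the base64 cutoff, which is why the pattern rule exists, and the SHA-256 digest is flagged as hex even though it is not a secret. Entropy scanning buys recall at the cost of hash and UUID noise; pattern rules buy precision for the key formats you know about. Run it over `git log -p` output to cover history, not just the working tree.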
Post-exploitation:
Windows-Exploit-Suggester - patch levels against vulnerability database - https://github.com/GDSSecurity/Windows-Exploit-Suggester
lazykatz - extract credentials from remote targets protected with AV - https://github.com/bhdresh/lazykatz
Invoke-Vnc - Powershell VNC injector - https://github.com/artkond/Invoke-Vnc
spraywmi - mass spraying Unicorn PowerShell injection - https://github.com/trustedsec/spraywmi
redsnarf - for retrieving hashes and credentials from Windows workstations - https://github.com/nccgroup/redsnarf
HostRecon - situational awareness - https://github.com/dafthack/HostRecon
mimipenguin - dump the login password of the current Linux user from process memory - https://github.com/huntergregal/mimipenguin
rpivot - socks4 reverse proxy for penetration testing - https://github.com/artkond/rpivot
metasploit-execute-assembly - Metasploit post module to execute a .NET Assembly - https://github.com/b4rtik/metasploit-execute-assembly
NetRipper - Smart traffic sniffing - https://github.com/NytroRST/NetRipper
memscan - Searches for strings, regex, credit card numbers - https://github.com/nccgroup/memscan
pypykatz - Mimikatz implementation in pure Python - https://github.com/skelsec/pypykatz
Invoke-TheHash - PowerShell Pass The Hash Utils - https://github.com/Kevin-Robertson/Invoke-TheHash
Looting:
cookie_stealer - steal cookies from the Firefox cookies database - https://github.com/rash2kool/cookie_stealer
Wifi-Dumper - dump the wifi profiles and cleartext passwords of the connected access points - https://github.com/Viralmaniar/Wifi-Dumper
WebLogicPasswordDecryptor - decrypt WebLogic passwords - https://github.com/NetSPI/WebLogicPasswordDecryptor
jenkins-decrypt - Credentials dumper for Jenkins - https://github.com/tweksteen/jenkins-decrypt
mimikittenz - ReadProcessMemory() in order to extract plain-text passwords - https://github.com/putterpanda/mimikittenz
LaZagne - Credentials recovery project - https://github.com/AlessandroZ/LaZagne
SessionGopher - extract WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop - https://github.com/fireeye/SessionGopher
BrowserGather - Fileless web browser information extraction - https://github.com/sekirkity/BrowserGather
windows_sshagent_extract - extract private keys from Windows 10 ssh-agent service - https://github.com/ropnop/windows_sshagent_extract
MailSniper - searching through email in a Microsoft Exchange - https://github.com/dafthack/MailSniper
Invoke-CredentialPhisher - powershell script to send toast notifications - https://github.com/fox-it/Invoke-CredentialPhisher
Multipass - Password manager credential recovery tool - https://github.com/abednarek/Multipass
KeyTabExtract - Extracts Key Values from .keytab files - https://github.com/sosdave/KeyTabExtract
sus_ssh - Phishing SSH Key Passphrases - https://github.com/patins/sus_ssh
Network Hunting:
Sticky-Keys-Slayer - Scans for accessibility tools backdoors via RDP - https://github.com/linuz/Sticky-Keys-Slayer
DomainPasswordSpray - password spray attack against users of a domain - https://github.com/dafthack/DomainPasswordSpray
BloodHound - reveal relationships within an Active Directory - https://github.com/adaptivethreat/BloodHound
CredNinja - identify if credentials are valid - https://github.com/Raikia/CredNinja
EyeWitness - take screenshots of websites - https://github.com/ChrisTruncer/EyeWitness
gowitness - a golang, web screenshot utility - https://github.com/sensepost/gowitness
PowerUpSQL - PowerShell Toolkit for Attacking SQL Server - https://github.com/NetSPI/PowerUpSQL
sparta - scanning and enumeration - https://github.com/SECFORCE/sparta
Sn1per - Automated Pentest Recon Scanner - https://github.com/1N3/Sn1per
PCredz - This tool extracts creds from a pcap file or from a live interface - https://github.com/lgandx/PCredz
ridrelay - Enumerate usernames on a domain where you have no creds - https://github.com/skorov/ridrelay
goddi - dumps Active Directory domain information - https://github.com/NetSPI/goddi
SprayingToolkit - Scripts to make password spraying attacks - https://github.com/byt3bl33d3r/SprayingToolkit
exchange_hunter2 - Hunting for Microsoft Exchange the LDAP Way - https://github.com/aslarchergore/exchange_hunter2
adidnsdump - Active Directory Integrated DNS dumping - https://github.com/dirkjanm/adidnsdump
PrivExchange - Exchange your privileges for Domain Admin - https://github.com/dirkjanm/PrivExchange
ldapdomaindump - Active Directory information dumper via LDAP - https://github.com/dirkjanm/ldapdomaindump
impacket_static_binaries - Standalone binaries - https://github.com/ropnop/impacket_static_binaries
Exchange2domain - All in One tools of privexchange - https://github.com/Ridter/Exchange2domain
Wireless:
air-hammer - WPA Enterprise horizontal brute-force - https://github.com/Wh1t3Rh1n0/air-hammer
mana - toolkit for wifi rogue AP attacks - https://github.com/sensepost/mana
crEAP - Harvesting Users on Enterprise Wireless Networks - https://github.com/Shellntel/scripts
wifiphisher - phishing attacks against Wi-Fi clients - https://github.com/sophron/wifiphisher
WiFiSuite - consolidating the most common tools - https://github.com/NickSanzotta/WiFiSuite
Man in the Middle:
mitmproxy - An interactive TLS-capable intercepting HTTP proxy - https://github.com/mitmproxy/mitmproxy
bettercap - network reconnaissance and MITM attack framework - https://github.com/evilsocket/bettercap
MITMf - Framework for Man-In-The-Middle attacks - https://github.com/byt3bl33d3r/MITMf
Gifts/Responder - Responder for old python - https://github.com/Gifts/Responder
mitm6 - pwning IPv4 via IPv6 - https://github.com/fox-it/mitm6
shelljack - man-in-the-middle pseudoterminal injection - https://github.com/emptymonkey/shelljack
SMBetray - SMB MiTM tool - https://github.com/quickbreach/SMBetray
Physical:
Brutal - Payload for teensy - https://github.com/Screetsec/Brutal
poisontap - Exploits locked/password protected computers over USB - https://github.com/samyk/poisontap
OverThruster - HID attack payload generator for Arduinos - https://github.com/RedLectroid/OverThruster
Paensy - An attacker-oriented library for the Teensy 3.1 microcontroller - https://github.com/Ozuru/Paensy
Kautilya - Payloads for a Human Interface Device - https://github.com/samratashok/Kautilya
Payloads:
JavaReverseTCPShell - Spawns a reverse TCP shell in Java - https://github.com/quantumvm/JavaReverseTCPShell
splunk_shells - Splunk with reverse and bind shells - https://github.com/TBGSecurity/splunk_shells
pyshell - shellify Your HTTP Command Injection - https://github.com/praetorian-inc/pyshell
RobotsDisallowed - harvest of the Disallowed directories - https://github.com/danielmiessler/RobotsDisallowed
SecLists - collection of multiple types of lists - https://github.com/danielmiessler/SecLists
Probable-Wordlists - Wordlists sorted by probability - https://github.com/berzerk0/Probable-Wordlists
ARCANUS - payload generator/handler. - https://github.com/EgeBalci/ARCANUS
weevely3 - Weaponized web shell - https://github.com/epinna/weevely3
fuzzdb - Dictionary of attack patterns - https://github.com/fuzzdb-project/fuzzdb
payloads - web attack payloads - https://github.com/foospidy/payloads
Brosec - An interactive reference tool for payloads - https://github.com/gabemarshall/Brosec
Demiguise - HTA encryption tool - https://github.com/nccgroup/demiguise
PayloadsAllTheThings - A list of useful payloads - https://github.com/swisskyrepo/PayloadsAllTheThings
statistically-likely-usernames - statistically likely username lists - https://github.com/insidetrust/statistically-likely-usernames
ysoserial.net - Deserialization payload generator for .NET - https://github.com/pwntester/ysoserial.net
Droppers:
HERCULES - payload generator that can bypass antivirus - https://github.com/EgeBalci/HERCULES
MacroShop - delivering payloads via Office Macros - https://github.com/khr0x40sh/MacroShop
ClickOnceGenerator - Quick Malicious ClickOnceGenerator - https://github.com/Mr-Un1k0d3r/ClickOnceGenerator
luckystrike - A PowerShell based utility for the creation of malicious Office macro documents - https://github.com/Shellntel/luckystrike
Insanity-Framework - Generate Payloads - https://github.com/4w4k3/Insanity-Framework
Winpayloads - Undetectable Windows Payload Generation - https://github.com/nccgroup/Winpayloads
Enigma - Multiplatform payload dropper - https://github.com/UndeadSec/Enigma
Gscript - framework to rapidly implement custom droppers - https://github.com/gen0cide/gscript
mcreator - Encoded Reverse Shell Generator - https://github.com/blacknbunny/mcreator
Phantom-Evasion - Python AV evasion tool - https://github.com/oddcod3/Phantom-Evasion
hershell - Multiplatform reverse shell generator - https://github.com/lesnuages/hershell
wep - Weaponize Macro payloads - https://github.com/ghost123gg/wep
EvilClippy - creating malicious MS Office documents - https://github.com/outflanknl/EvilClippy
macro_pack - MS Office documents or VBS - https://github.com/sevagas/macro_pack
AVIator - backdoor generator utility - https://github.com/Ch0pin/AVIator
MaliciousMacroGenerator - Malicious Macro Generator - https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
donut - shellcode that loads .NET Assemblies, PE files - https://github.com/TheWover/donut
Apple:
MMeTokenDecrypt - Decrypts and extracts iCloud and MMe authorization tokens - https://github.com/manwhoami/MMeTokenDecrypt
OSXChromeDecrypt - Decrypt Google Chrome and Chromium Passwords on Mac OS X - https://github.com/manwhoami/OSXChromeDecrypt
EggShell - iOS and OS X Surveillance Tool - https://github.com/neoneggplant/EggShell
bonjour-browser - command line tool to browse for Bonjour - https://github.com/watson/bonjour-browser
logKext - open source keylogger for Mac OS X - https://github.com/SlEePlEs5/logKext
OSXAuditor - OS X computer forensics tool - https://github.com/jipegit/OSXAuditor
davegrohl - Password Cracker for OS X - https://github.com/octomagon/davegrohl
chainbreaker - Mac OS X Keychain Forensic Tool - https://github.com/n0fate/chainbreaker
FiveOnceInYourLife - Local osx dialog box phishing - https://github.com/fuzzynop/FiveOnceInYourLife
ARD-Inspector - decrypt the Apple Remote Desktop database - https://github.com/ygini/ARD-Inspector
keychaindump - reading OS X keychain passwords - https://github.com/juuso/keychaindump
Bella - python, post-exploitation, data mining tool - https://github.com/manwhoami/Bella
EvilOSX - pure python, post-exploitation, RAT - https://github.com/Marten4n6/EvilOSX
Apfell - A macOS, post-exploit, red teaming framework - https://github.com/its-a-feature/Apfell
Captive Portals:
cpscam - Bypass captive portals by impersonating inactive users - https://github.com/codewatchorg/cpscam
Passwords:
pipal - password analyser - https://github.com/digininja/pipal
wordsmith - assist with creating tailored wordlists - https://github.com/skahwah/wordsmith
Invoke-PWAudit - discover similarly named accounts with shared passwords in AD - https://github.com/ubeeri/Invoke-PWAudit
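What a password analyser like pipal reports, and why it matters after a cracking run, is easier to see with the statistics computed by hand: base words, hashcat-style masks, length and character-class distributions, and the share of passwords ending in a year. The following is an added example, not pipal's or wordsmith's code; the cracked list is constructed for a fictitious company, and the base-word and year-suffix rules are this example's simplifications.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed list of "cracked" passwords for a fictitious company (not real data).
CRACKED = [
    "Summer2023!", "summer2023", "Welcome1", "Password1!", "Company2022",
    "company2023!", "P@ssw0rd", "Welcome123", "summer22", "Autumn2023",
]

# A four-digit 19xx/20xx year, optionally followed by one symbol, at the end.
YEAR_SUFFIX = re.compile(r"(19|20)\d{2}[^0-9]?$")


def base_word(pw: str) -> str:
    """Strip leading/trailing digits and symbols: 'Summer2023!' -> 'summer'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())


def mask(pw: str) -> str:
    """hashcat-style mask: 'Summer2023!' -> '?u?l?l?l?l?l?d?d?d?d?s'."""
    out = []
    for ch in pw:
        if ch.islower():
            out.append("?l")
        elif ch.isupper():
            out.append("?u")
        elif ch.isdigit():
            out.append("?d")
        else:
            out.append("?s")
    return "".join(out)


def charset_classes(pw: str) -> str:
    """Which character classes a password draws from, e.g. 'lower+upper+digit'."""
    names = []
    for label, rx in (("lower", r"[a-z]"), ("upper", r"[A-Z]"),
                      ("digit", r"\d"), ("special", r"[^A-Za-z0-9]")):
        if re.search(rx, pw):
            names.append(label)
    return "+".join(names)


def analyse(passwords: List[str], top: int = 5) -> Dict:
    """Summary statistics in the spirit of a pipal report."""
    total = len(passwords)
    bases = Counter(b for b in (base_word(p) for p in passwords) if b)
    years = sum(bool(YEAR_SUFFIX.search(p)) for p in passwords)
    return {
        "total": total,
        "lengths": Counter(len(p) for p in passwords).most_common(top),
        "classes": Counter(charset_classes(p) for p in passwords).most_common(top),
        "top_bases": bases.most_common(top),
        "top_masks": Counter(mask(p) for p in passwords).most_common(top),
        "year_suffix_pct": round(100.0 * years / total, 1) if total else 0.0,
    }


if __name__ == "__main__":
    for key, value in analyse(CRACKED).items():
        print(f"{key}: {value}")
```

The output feeds the next round directly: top base words become the wordlist for a rule-based attack, top masks become `hashcat -a 3` masks, and a high year-suffix percentage says which rules to try first. For a client report, the same numbers show whether the password policy is producing the patterns the policy was meant to prevent.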
Obfuscation:
ObfuscatedEmpire - fork of Empire with Invoke-Obfuscation integrated directly in - https://github.com/cobbr/ObfuscatedEmpire
obfuscate_launcher - Simple script for obfuscating payload launchers - https://github.com/jamcut/obfuscate_launcher
Invoke-CradleCrafter - Download Cradle Generator & Obfuscator - https://github.com/danielbohannon/Invoke-CradleCrafter
Invoke-Obfuscation - PowerShell Obfuscator - https://github.com/danielbohannon/Invoke-Obfuscation
nps_payload - payloads for basic intrusion detection avoidance - https://github.com/trustedsec/nps_payload
C# Tooling:
SharpWeb - .NET 2.0 CLR project to retrieve saved browser credentials - https://github.com/djhohnstein/SharpWeb
reconerator - C# Targeted Attack Reconnaissance Tools - https://github.com/stufus/reconerator
SafetyKatz - create a minidump of LSASS - https://github.com/GhostPack/SafetyKatz
SharpShooter - framework for the retrieval and execution of arbitrary CSharp source code - https://github.com/mdsecactivebreach/SharpShooter
SharpCradle - download and execute .NET binaries into memory - https://github.com/anthemtotheego/SharpCradle
Sharp-WMIExec - C# conversion of Invoke-WMIExec - https://github.com/checkymander/Sharp-WMIExec
Sharp-SMBExec - C# conversion of Invoke-SMBExec - https://github.com/checkymander/Sharp-SMBExec
SharpCloud - Collecting AWS, Microsoft Azure, and Google Compute creds - https://github.com/chrismaddalena/SharpCloud
SharpView - C# implementation of PowerView - https://github.com/tevora-threat/SharpView
SharpHound - The BloodHound C# Ingestor - https://github.com/BloodHoundAD/SharpHoun
SharpGen - C# compiler to cross-compile .NET console applications or libraries. - https://github.com/cobbr/SharpGen
InveighZero - C# LLMNR/NBNS spoofer - https://github.com/Kevin-Robertson/InveighZero
SharpSploitConsole - Console Application designed to interact with SharpSploit - https://github.com/anthemtotheego/SharpSploitConsole
SharpSniper - Find specific users in active directory via username and IP address - https://github.com/HunnicCyber/SharpSniper
SharPersist - Windows persistence toolkit - https://github.com/fireeye/SharPersist
RedTeamCSharpScripts - C# Script used for Red Team - https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
SharPyShell - tiny and obfuscated ASP.NET webshell for C# - https://github.com/antonioCoco/SharPyShell
Not Powershell:
PowerShdll - Run PowerShell with rundll32 - https://github.com/p3nt4/PowerShdll
PowerLine - Powershell Scripts in a binary - https://github.com/fullmetalcache/PowerLine
PowerOPS - C# that runs PowerShell commands and functions - https://github.com/fdiskyou/PowerOPS
nps - Not PowerShell - https://github.com/Ben0xA/nps
PowerHub - post exploitation tool - https://github.com/AdrianVollmer/PowerHub
RATs:
SILENTTRINITY - post-exploitation agent powered by Python, IronPython, C# and .NET's DLR - https://github.com/byt3bl33d3r/SILENTTRINITY
DoHC2 - command and control (C2) via DNS over HTTPS (DoH) - https://github.com/SpiderLabs/DoHC2
RemoteRecon - Remote Recon and Collection - https://github.com/xorrior/RemoteRecon
Merlin - cross-platform post-exploitation HTTP/2 Command & Control - https://github.com/Ne0nd0g/merlin
dnscat2-powershell - encrypted DNS command and control tool - https://github.com/lukebaggett/dnscat2-powershell
Koadic - JScript RAT - https://github.com/zerosum0x0/koadic
Pupy - cross-platform RAT written in python - https://github.com/n1nj4sec/pupy
sliver - Implant framework - https://github.com/BishopFox/sliver
Covenant - Covenant is a collaborative .NET C2 - https://github.com/cobbr/Covenant
Cloud:
pacu - The AWS exploitation framework - https://github.com/RhinoSecurityLabs/pacu
weirdAAL - AWS Attack Library - https://github.com/carnal0wnage/weirdAAL
ScoutSuite - Multi-Cloud Security Auditing Tool - https://github.com/nccgroup/ScoutSuite
AWS-IAM-Privilege-Escalation - AWS IAM privilege escalation methods - https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
nimbostratus - fingerprinting and exploiting Amazon cloud infrastructures - https://github.com/andresriancho/nimbostratus