|https://github.com/loseys/BlackMamba|
|https://github.com/theshadowboxers/bunraku|
|https://github.com/FSecureLABS/C3|
|https://github.com/mitre/caldera|
|https://github.com/3xpl01tc0d3r/Callidus|
|https://github.com/tiagorlampert/CHAOS|
|https://github.com/cobbr/Covenant|
https://github.com/crawl3r/DaaC2
https://github.com/h0mbre/Dali
https://github.com/enkomio/AlanFramework
https://github.com/hyp3rlinx/DarkFinger-C2
https://github.com/Arno0x/DBC2
https://github.com/qwqdanchun/DcRat
https://github.com/DeimosC2/DeimosC2
https://github.com/3ct0s/disctopia-c2
https://github.com/neoneggplant/EggShell
https://github.com/jm33-m0/emp3r0r
https://github.com/BC-SECURITY/Empire
https://github.com/Marten4n6/EvilOSX
https://github.com/monoxgas/FlyingAFalseFlag
https://github.com/looCiprian/GC2-sheet
https://github.com/Ziconius/FudgeC2
https://github.com/byt3bl33d3r/gcat
https://github.com/SaturnsVoid/GoBot2
https://github.com/SaumyajeetDas/GodGenesis
https://github.com/sensepost/goDoH
https://github.com/lukebaggett/google_socks
https://github.com/r3nhat/GRAT2
https://github.com/d4rckh/grc2
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell
https://github.com/HavocFramework/Havoc
https://github.com/b23r0/Heroinn
https://github.com/3v4Si0N/HTTP-revshell
https://github.com/ElevenPaths/ibombshell
https://github.com/geemion/Khepri
https://github.com/zerosum0x0/koadic
https://github.com/postrequest/link
https://github.com/Kudaes/LOLBITS
https://github.com/cedowens/MacC2
https://github.com/cedowens/MacShellSwift
https://github.com/nickvangilder/most-average-c2-ever
https://github.com/CMatri/MeetC2
https://github.com/Ne0nd0g/merlin
https://github.com/rapid7/metasploit-framework
https://github.com/degenerat3/meteor
https://github.com/looCiprian/GC2-sheet
https://github.com/r00t-3xp10it/meterpeter
https://github.com/Cr4sh/MicroBackdoor
https://github.com/mlgualtieri/PurpleTeamSummit/tree/main/Summit-May2021
https://github.com/RickConsole/minic2
https://github.com/IncideDigital/Mistica
https://github.com/YDHCUI/manjusaka
https://github.com/its-a-feature/Mythic
https://github.com/MythicAgents/Apollo
https://github.com/MythicAgents/Medusa
https://github.com/gl4ssesbo1/Nebula
https://github.com/itaymigdal/Nimbo-C2
https://github.com/ahmedkhlief/Ninja/
https://github.com/EnginDemirbilek/NorthStarC2
https://github.com/p3nt4/Nuages
https://github.com/mhaskar/Octopus
https://github.com/mttaggart/OffensiveNotion
https://github.com/lapolis/palinka_c2
https://github.com/fozavci/petaqc2
https://github.com/xRET2pwn/PickleC2
https://github.com/nettitude/PoshC2/
https://github.com/AdrianVollmer/PowerHub
https://github.com/preludeorg/
https://github.com/Project-Prismatica
https://github.com/entynetproject/proton
https://github.com/n1nj4sec/pupy
https://github.com/quasar/QuasarRAT
https://github.com/FrenchCisco/RATel
https://github.com/kira2040k/RedbloodC2
https://github.com/kleiton0x00/RedditC2
https://github.com/redherd-project/redherd-framework
https://github.com/itsKindred/redViper
https://github.com/ZHacker13/ReverseTCPShell
https://github.com/d4rk007/sak1to-shell
https://github.com/Idov31/Sandman
https://github.com/jconwell/secret_handshake
https://github.com/jafarlihi/serpentine
https://github.com/bats3c/shad0w
https://github.com/shadow-workers/shadow-workers
https://github.com/rasta-mouse/SharpC2
https://github.com/reveng007/SharpGmailC2
https://github.com/byt3bl33d3r/SILENTTRINITY
https://github.com/praetorian-inc/slack-c2bot
https://github.com/n00py/Slackor
https://github.com/BishopFox/sliver
https://github.com/NetSPI/SQLC2
https://github.com/4g3nt47/Striker
https://github.com/silentbreaksec/Throwback
https://github.com/Mr-Un1k0d3r/ThunderShell
https://github.com/trustedsec/trevorc2/
https://github.com/h3xduck/TripleCross
https://github.com/PaulSec/twittor
https://github.com/sogonsec/ViolentFungus-C2
https://github.com/D1rkMtr/VirusTotalC2
https://github.com/KadeDev/Void-RAT
https://github.com/looCiprian/GC2-sheet
https://github.com/FULLSHADE/WarFox/
https://github.com/facebookincubator/WEASEL
https://github.com/A-poc/RedTeam-Tools
https://fatehgar.org/tools/index.php https://github.com/jpillora/chisel• https://github.com/0x36/VPNPivot
• https://github.com/sysdream/ligolo
• https://github.com/esrrhs/pingtunnel
• https://github.com/nccgroup/ABPTTS
• https://github.com/sensepost/reGeorg
• https://github.com/nccgroup/SocksOverRDP
• https://github.com/trustedsec/egressbuster
• https://github.com/p3nt4/Invoke-SocksProxy
• https://github.com/securesocketfunneling/ssf
• https://github.com/blackarrowsec/mssqlproxy
• https://github.com/hayasec/reGeorg-Weblogic
• https://github.com/shantanu561993/SharpChisel
• https://github.com/RedTeamOperations/PivotSuite
• https://github.com/vincentcox/bypass-firewalls-by-DNS-history
https://github.com/hakluke/hakoriginfinderhttps://anugrahsr.github.io/posts/10-Password-reset-flaws/?s=09
Added a new text Document where I'm going to include all cheetshits I've found
https://cheatsheetseries.owasp.org/cheatsheets/Laravel_CheatSheet.html https://cybersecurity.att.com/blogs/security-essentials/vlan-hopping-and-mitigation https://github.com/majidkalantarii/AwesomePenetrationTest https://github.com/oneplus-x/Awesome-Pentest https://github.com/gnxbr/Fully-Undetectable-Techniques/tree/main/possessor http://smspriv6fynj23u6.onionhttps://0xsp.com/offensive/red-teaming-toolkit-collection
SSRF, simple mindmap. https://t.co/AmqWdDcIlt https://t.co/gr4JNU1E59
https://github.com/Ha3MrX/InstaBrute https://www.netsparker.com/blog/web-security/using-google-bots-attack-vector/https://threat.tevora.com/diy-leaked-credential/
https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style
https://github.com/ioncodes/CVE-2020-16938.git https://github.com/qemm/armory/blob/master/OSINT_Packet_2019.pdf https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusionhttps://github.com/cr0hn/festin
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
https://github.com/odedshimon/BruteShark https://github.com/nccgroup/azucar/blob/master/README.mdhttps://gist.github.com/dogrocker/86881d2403fee138487054da82d5dc2e
SMS/Email/whatsapp Bombers Collection.https://github.com/bhattsameer/Bombers
https://github.com/crinny/b0mb3r
https://github.com/LimerBoy/Impulse
https://github.com/CarlaAstudillo/ArreStats Infoga - Recopilación de información por correo electrónico
https://github.com/m4ll0k/Infoga Informe principal del proyecto del FBI Crime Data Explorer
https://github.com/18F/crime-data-explorer PDFMtEd (PDF Metadata Editor) es un conjunto de herramientas diseñadas para simplificar el trabajo con metadatos PDF en Linux. Las utilidades alojadas en este repositorio son interfaces gráficas para el maravilloso ExifTool de Phil Harvey.
https://github.com/glutanimate/PDFMtEd Extrae metadatos de varios contenedores de audio
https://github.com/tmont/audio-metadata
Information gathering tool - OSINT https://github.com/twelvesec/gasmask Verifique si existe una dirección de correo electrónico sin enviar ningún correo electrónico. Utiliza telnet.
https://github.com/amaurymartiny/check-if-email-exists
Proporciona extracción de metadatos para paquetes iOS, And
roid y Windows.
https://github.com/Microsoft/app-metadata
Una herramienta de investigación forense móvil de código abier
to para plataforma Android https://github.com/scorelab/ANDROPHSY
Automatización y escalamiento de herramientas forenses digitales
https://github.com/google/turbinia script que extraerá todas las contraseñas guardadas de su base de datos de google chrome y las guardará en chrome.txt
https://github.com/D4Vinci/Chrome-Extractor Firefox Decrypt es una herramienta para extraer contraseñas de los perfiles de Mozilla (Firefox / Thunderbird / Seabird)
https://github.com/unode/firefox_decrypt Recuperar información de geolocalización de IP
https://github.com/maldevel/IPGeoLocation Cameradar entra en las cámaras de videovigilancia de RTSP
https://github.com/Ullaakut/cameradar PowerForensics es un marco para el análisis forense de discos en vivo
https://github.com/Invoke-IR/PowerForensics Api de reconocimiento facial más simple del mundo para Python y la línea de comando
https://github.com/ageitgey/face_recognition
https://github.com/hslatman/awesome-industrial-control-system-securityhttps://github.com/ITI/ICS-Security-Tools/blob/master/tools/audit/README.md
https://github.com/PMaynard/ICS-TestBed-Framework https://www.darknet.org.uk/2019/11/aiengine-ai-driven-network-intrusion-detection-system/?utm_source=feedly&utm_medium=webfeeds https://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html https://support.apple.com/es-es/HT201585 https://medium.com/google-cloud/gcp-checklist-2-securing-your-gcp-resources-7c5140c12f8c https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/README.md https://github.com/urbanadventurer/WhatWebhttps://github.com/reb311ion/rebel-framework
https://wpsecuritychecklist.org/es/items/ https://www.amanhardikar.com/mindmaps/Practice.html https://github.com/snoopysecurity/dvws https://www.owasp.org/index.php/OWASP_Damn_Vulnerable_Web_Sockets_(DVWS) https://cisofy.com/downloads/lynis/ https://labs.p64cyber.com/pentesting-ics-dnp3/Aegis: https://www.automatak.com/aegis/
Achilles Test Platform: https://www.ge.com/digital/products/achilles-vulnerability-testing-platform
Peach Fuzzer: https://www.peach.tech/wp-content/uploads/DNP3_DataSheet.pdf
https://xapax.gitbooks.io/security/content/port_forwarding_and_tunneling.html
https://github.com/RedTeamOperations/PivotSuite
https://github.com/artilleryio/artillery-plugin-fuzzerhttps://assertible.com/blog/api-security-testing-tips-to-prevent-getting-pwned
https://github.com/grafov/hulk.git
https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/https://github.com/danielmiessler/SecLists/tree/master/Fuzzing
https://github.com/secfigo/Awesome-Fuzzing
https://github.com/D35m0nd142/LFISuite.git
https://gitlab.com/kalilinux/packages/dirb
https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/ https://blog.secureideas.com/2019/04/better-api-penetration-testing-with-postman-part-3.html https://github.com/swisskyrepo/SSRFmapjava -Djsse.enableSNIExtension=false -jar /opt/BurpSuitePro/burpsuite_pro.jar &
https://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension https://github.com/snoopysecurity/awesome-burp-extensionshttps://www.freecodecamp.org/news/how-to-secure-your-websocket-connections-d0be0996c556/
https://github.com/toniblyx/prowler
https://github.com/Gallopsled/pwntools
https://github.com/sevagas/swap_digger
https://ithemes.com/how-to-run-a-wordpress-security-audit/Category | Tool | Description |
---|---|---|
binary | BinWalk- Firware and binary analysis | BinWalk- Firware and binary analysis |
Reversing | Ollydbg | Disassembler |
binary | afl | State-of-the-art fuzzer. |
binary | angr | Next-generation binary analysis engine from Shellphish. |
binary | barf | Binary Analysis and Reverse-engineering Framework. |
binary | bindead | A static analysis tool for binaries. |
binary | checksec | Check binary hardening settings. |
binary | codereason | Semantic Binary Code Analysis Framework. |
binary | crosstool-ng | Cross-compilers and cross-architecture tools. |
binary | cross2 | A set of cross-compilation tools from a Japanese book on C. |
binary | elfkickers | A set of utilities for working with ELF files. |
binary | elfparser | Quickly determine the capabilities of an ELF binary through static analysis. |
binary | evilize | Tool to create MD5 colliding binaries |
binary | gdb | Up-to-date gdb with python2 bindings. |
binary | panda | Platform for Architecture-Neutral Dynamic Analysis. |
binary | pathgrind | Path-based, symbolically-assisted fuzzer. |
binary | peda | Enhanced environment for gdb. |
binary | preeny | A collection of helpful preloads (compiled for many architectures!). |
binary | pwntools | Useful CTF utilities. |
binary | python-pin | Python bindings for pin. |
binary | qemu | Latest version of qemu! |
binary | qira | Parallel, timeless debugger. |
binary | radare2 | Some crazy thing crowell likes. |
binary | rp++ | Another gadget finder. |
binary | shellnoob | Shellcode writing helper. |
binary | shellsploit | Shellcode development kit. |
binary | snowman | Cross-architecture decompiler. |
binary | taintgrind | A valgrind taint analysis tool. |
binary | villoc | Visualization of heap operations. |
binary | virtualsocket | A nice library to interact with binaries. |
binary | xrop | Gadget finder. |
forensics | binwalk | Firmware (and arbitrary file) analysis tool. |
forensics | dislocker | Tool for reading Bitlocker encrypted partitions. |
forensics | exetractor | Unpacker for packed Python executables. Supports PyInstaller and py2exe. |
forensics | firmware-mod-kit | Tools for firmware packing/unpacking. |
forensics | pdf-parser | Tool for digging in PDF files |
forensics | scrdec | A decoder for encoded Windows Scripts. |
forensics | testdisk | Testdisk and photorec for file recovery. |
crypto | cribdrag | Interactive crib dragging tool (for crypto). |
crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
crypto | hashpump | A tool for performing hash length extension attaacks. |
crypto | hashpump-partialhash | Hashpump, supporting partially-unknown hashes. |
crypto | hash-identifier | Simple hash algorithm identifier. |
crypto | littleblackbox | Database of private SSL/SSH keys for embedded devices. |
crypto | msieve | Msieve is a C library implementing a suite of algorithms to factor large integers. |
crypto | pemcrack | SSL PEM file cracker. |
crypto | pkcrack | PkZip encryption cracker. |
crypto | python-paddingoracle | Padding oracle attack automation. |
crypto | reveng | CRC finder. |
crypto | ssh_decoder | A tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash. |
crypto | sslsplit | SSL/TLS MITM. |
crypto | xortool | XOR analysis tool. |
crypto | yafu | Automated integer factorization. |
web | burpsuite | Web proxy to do naughty web stuff. |
web | commix | Command injection and exploitation tool. |
web | dirs3arch | Web path scanner. |
web | sqlmap | SQL injection automation engine. |
web | subbrute | A DNS meta-query spider that enumerates DNS records, and subdomains. |
stego | sound-visualizer | Audio file visualization. |
stego | steganabara | Another image steganography solver. |
stego | stegdetect | Steganography detection/breaking tool. |
stego | stegsolve | Image steganography solver. |
android | apktool | Dissect, dis-assemble, and re-pack Android APKs |
stego | StegHide | Steganography program |