Displaying 1 to 20 from 128 results

Zaproxy - An easy to use integrated penetration testing tool for finding vulnerabilities

  •    Java

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments

  •    PowerShell

RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. Retrieve Local Hashes from a single machine using local administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d .

SniffAir - A framework for wireless pentesting.

  •    Python

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules. Tested and supported on Kali Linux, Debian and Ubuntu.




EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.

  •    Python

Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time. For more information on SemVer, please visit https://semver.org/.

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.


DeathStar - Automate getting Domain Admin using Empire

  •    Python

DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques.

mitmAP - 📡 A python program to create a fake AP and sniff data.

  •    Python

I'm not responsible for anything you do with this program, so please only use it for good and educational purposes.

Red-Teaming-Toolkit - A collection of open source and commercial tools that aid in red team operations

  •    

A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.

archerysec - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities

  •    HTML

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.

scanless - online port scan scraper

  •    Python

Command-line utility for using websites that can perform port scans on your behalf.

drozer - The Leading Security Assessment Framework for Android.

  •    Python

drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

needle - The iOS Security Testing Framework

  •    Python

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like "drozer" that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

subfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites

  •    Go

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.