Rejected tools

As said in the guidelines, submitted tools can be accepted or rejected by the team after being reviewed. There can be several reasons for what a tool is not accepted, here are some of them:

  • it's just a chain of multiple tools
  • it's a single CVE exploit/PoC
  • it's malicious or harmless by purpose
  • it's a common utility provided by OS
  • it's not related to security
or something else...

However, there are real humans behind all of this and mistakes happen. If you think that one this tool deserve a second chance, feel free to leave a comment on the corresponding issue on GitHub and we will check it again.

10d10d (#1455) - my personal website.
4n4lDetector (#1298) - Advanced static analysis tool.
Above 2.0 (#1105) - Automates the search for network vulnerabilities, designed for pentesters,...
ADHunt (#1684) - A tool for enumerating Active Directory Enviroments looking for interesting...
Airi (#1171) - Airi is made to find hidden input parameters in web applications.
Airixss (#1175) - Airixss is for checking reflection in recon process to find possible xss...
ApkHack-BackDoor (#1189) - ApkHack-BackDoor is a shell script that simplifies the process of adding...
Arescan (#1226) - Arescan: Advanced Directory Discovery Tool.
ASPJinjaObfuscator (#1821) - Heavily obfuscated ASP web shell generation tool.
atop_maltego (#1432) - A new Maltego transform useful to make investigations on TON assets like...
autoNTDS (#1649) -  autoNTDS is an automation script designed to simplify the process of...
badgerDAPS (#1665) - Brute Ratel LDAP filtering and sorting tool. Easily take BR log output...
BHHB (#314) - View the HTTP history exported from Burp Suite Community Edition.
BypassNeo-reGeorg (#1312) - Anti-kill version Neo-reGeorg.
Camera Exploitation Tool (#1116) - Automated exploit scanner for cameras on the internet.
CAS (#716) - Code signing tool and SBOM (software bill of materials) scanner.
CertVerify (#916) - The CertVerify is a tool designed to detect executable files (exe, dll,...
chameleon (#1219) - Chameleon is yet another PowerShell obfuscation tool designed to bypass...
chisel (#721) - Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH....
CHOMTE.SH (#1452) - Recon Tool with Good Workflow & Amazing Features, It narrow down the Attack...
Cisco SmartInstall Exploit (#767) - Cisco SmartInstall Exploit CVE-2018-0171.
ClownSearcher (#1337) - This tool is created to facilitate our dorking process, making it faster...
Cookie-Editor (#1815) - Efficiently create, edit and delete a cookie for the current tab.
CRTER (#1287) - This script reads a text file containing domains, fetches the subdomains...
cyberonix (#976) - Cyberonix is a complete resource hub for Cyber Security Community.
CyberXS (#1781) - CyberXS is an XSS Vulnerability Automation Tool made with multiple Oneliners.
Dir-Xcan6 (#1212) - Dir-Xcan6 is a free and open-source scanner based on OWASP's DirBuster...
docker_nginx_logger (#1201) - Nginx Request Logger Server [Docker Version].
docker-osmedeus v4 (#1192) - Docker image for Osmedeus, a fully automated offensive security tool for...
Dogwalk Proof-of-Concept (#985) - The PoC allows an attacker to obtain Remote Code Injection on a Windows...
DomainTrail (#1695) - DomainTrail is a fast subdomain enumeration tool that uses effective passive...
EndExt_ (#1043) - EndExt is a .go tool for extracting all the possible endpoints from the...
EnumStrike (#1293) - Cobalt Strike Aggressor script to automate host and domain enumeration.
Ethiack (#1273) - Preemptively attack your assets and identify vulnerabilities with Autonomous...
Evilgrade (#743) - Evilgrade is a modular framework that allows the user to take advantage...
Eviltree (#1774) - A python3 remake of the classic "tree" command with the additional feature...
exploit-poc (#1168) - TOP All bugbounty pentesting CVE-2022- POC Exp Things.
FoxyProxy (#1816) - FoxyProxy is an open-source, advanced proxy management tool.
Frizz (#1176) - Find Crlf injection vulnerable endpoints.
GetLAPSPassword (#1190) - A LAPS dumper written using the impacket library.
GodPotato_ (#1042) - Based on the history of Potato privilege escalation for 6 years, from the...
GodPotato-Aggressor-Script (#1725) - GodPotato is written by BeichenDream and can be found at ...
Goosle (#1706) - A Meta Search engine with privacy and ease of use in mind.
GPPDeception (#1679) - This script generates a groups.xml file that mimics a real GPP to create...
gron (#174) - Make JSON greppable!
GSB (#1615) - Google Safe Browsing is a tool developed by Google aimed at enhancing internet...
HackBot (#1388) - AI-powered cybersecurity chatbot designed to provide helpful and accurate...
Hacker101 CTF (#764) - Game designed to let you learn to hack in a safe, rewarding environment.
HackerToolkit (#1811) - HackerToolkit offers a curated selection of tools designed to enhance your...
HackTools (#1817) - it includes cheat sheets as well as all the tools used during a test such...
HALA (#1288) - HALA offers a powerful capability that enables you to identify reflected...
hash-cracker (#1395) - short description of the tool (max:100) tool that helps you cracking hashes...
hash-hound (#1145) - A simple python script to identify different hashes.
hashcracker (#1796) - A powerfull bruteforcing tool to brute force the algorithm which is seen...
hfuzz (#1084) - Wordlist for web fuzzing, made from a variety of reliable sources including:...
Honeypots-Detection (#1660) - Nuclei templates for honeypots detection.
huntkit (#1765) - Docker - Ubuntu with a bunch of PenTesting tools and wordlists.
icmp_reverse_shell (#1174) - This project is about reverse shell using icmp.
icmp_shell (#1178) - shell over icmp, server run at linux and client run at windows.
Invictus (#1688) - Little vulnerable app as a practice app for OSED.
Ippsec (#1160) - IPPSEC's YouTube channel offers educational content on cybersecurity and...
IsmailScript (#1324) - Fast and customizable information gathering to enable a penetration tester...
Jeeves (#1170) - Jeeves is made for looking to Time-Based Blind SQLInjection through recon.
Js-Finding (#1299) - JS Finding can be used to extract JavaScript (JS) files from either a single...
js-xss (#1235) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified...
KillDefender (#1251) - A small POC to make defender useless by removing its token privileges and...
LinPEAS (#583) - LinPEAS is a script that searches for possible paths to escalate privileges...
log4j-scan (#171) - Automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228.
Malicious (#1496) - Hacking WordPress Plugins - Authenticated Shell Upload, compromising the...
malicious-pdf2 (#820) - Generate a bunch of malicious pdf files with phone-home functionality.
Malwoverview (#727) - First response tool used for threat hunting and offers intel information...
MimiPenguin (#625) - A tool to dump the login password from the current linux desktop user.
MobSecco (#1323) - A tool to create a clone debug a mobile application from Android apk. The...
Moriarty Project (#1106) - A powerful web based phone number investigation tool. It has 6 features...
Mortar (#827) - red teaming evasion technique to defeat and divert detection and prevention...
NetInspect (#1643) - Information gathering of IPs or domains.
Netscout (#1780) - OSINT tool that finds domains, subdomains, directories, endpoints and files...
NetworkSherlock (#1513) - NetworkSherlock: Porwerfull Port Scanning With Shodan.
Nim-Shell (#1752) - Reverse shell that can bypass windows defender detection.
NODESUB (#1311) - Nodesub is a command-line tool for finding subdomains in bug bounty programs.
NtlmThief (#1680) - Extracting NetNTLM without touching lsass.exe.
NucleiFuzzer (#1506) - NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF,...
NucleiScanner (#1830) - NucleiScanner = Nuclei + Subfinder + Gau + Paramspider + httpx.
obfus.h (#1798) - Macro-header for compile-time C obfuscation (tcc, win x86/x64).
Open Multiple URLs (#1818) - Opens a list of URLs at once.
OS-Downloads (#1762) - Links Of Windows/Linux/OFFICE ISOs Files using official Links.
OSCP-Reporting (#1156) - Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam and Lab Reporting...
PacketSpy (#1750) - PacketSpy is a powerful network packet sniffing tool designed to capture...
PassMute (#1249) - PassMute - A Password Trasmutation/Mutator tool.
PathFinder (#1674) - Web Path Finder is a Python program that provides information about a website....
Pen-Andro (#784) - Script to Automate installtion of Apps ,frida server and moving Burpsuite...
pentesting-bootstrap (#1652) - Fast and easy way of setting up a hardened pentesting environment with...
pepito (#1206) - Searches git repositories for specific strings, digging deep into commit...
Personal Cloud Desktop (#991) - SetUp an Ubuntu machine with a DNS name on Cloud with Terraform and some...
PhoenixC2 (#1223) - Free & open source C2 framework for Red Teams.
php-request-proxy (#1200) - A lightweight PHP script that forwards requests to a target server, effectively...
PowerLessShell (#609) - Run PowerShell command without invoking powershell.exe.
PowerShell-Obfuscation-Bible (#1242) - A collection of techniques, examples and a little bit of theory for manually...
PowerTools (#1687) - Powershell tools used for Red Team / Pentesting. As of Nov 23 2023 all...
ProcOpen-PHP-Webshell (#1295) - Experience the power of a PHP webshell designed to overcome the limitations...
Proving Grounds (#1243) - Offensive Security’s Proving Grounds training labs.
proxy-tamper (#1211) - HTTP proxy library for node.js that tampers HTTP Requests and inserts iframe...
Pyramid (#752) - a tool to help operate in EDRs' blind spots.
ReconBulk (#1102) - Automated Subdomain Enumeration and Scanning Tool.
Reflector (#1191) - Reflector is cli tool written using golang to test for reflected parameters...
remote_commander (#1199) - Remote Commander - PHP script for sending commands to your PC remotely.
Rev-Shell (#1791) - Basic script to generate reverse shell payloads, generally most used in...
revshellgen (#1301) - Reverse shell generator written in Python 3.
RMS-Runtime-Mobile-Security (#1435) - With RMS you can easily dump all loaded classes and relative methods, hook...
RootKits-List-Download (#1150) - The list of all rootkits found so far on github and other sites.
RsaCracker (#1396) - Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH in PEM and DER...
RunAsPasswd (#1153) - A RunAs.exe clone with the ability to specify the password as an argument.
RunWithDll (#1682) - A utility that can be used to launch an executable with a DLL injected.
s3-xplode (#1588) - S3-xplode is a script that will scan a public s3 bucket for secrets using...
s3n (#1202) - Search-Scan-Save-Notify.
ScrapingKit (#1286) - Scraping Kit is made up of several tools for scraping services for keywords,...
SecretOpt1c (#1313) - SecretOpt1c is a Red Team tool that helps uncover sensitive information...
SeeYouCM-Thief (#1216) - Automatically download and parse conf files from Cisco phone systems searching...
ShadowClone (#626) - ShadowClone allows dynamic task distribution across serverless functions...
Shell3er (#1183) - Shell3er PowerShell Reverse Shell Evade EDR's and AV's support Random Process...
shells2 (#1450) - A script for generating common revshells fast and easy. Especially nice...
ShodanX (#1663) - ShodanX is a tool to gather information of targets using shodan dorks⚡.
SlowLoris (#993) - Slowloris is basically an HTTP Denial of Service attack that affects threaded...
some-tweak-to-hide-jwt-payload-values (#1653) - a handful of tweaks and ideas to safeguard the JWT payload.
SQLi_Sleeps (#1746) - It is a simple script that allows to find SQLi vulnerabilities, obtaining...
Subcriminalip (#1331) - Subcriminal: Python tool using Criminal IP API to extract domain data efficiently.
Subprober (#1804) - A Fast Multi-Purpose Http Probing Tool for Penetration Testing.
SubScout (#652) - A simple bash script to automate your initial recon and extend your attack...
TCP-tunnel-RCE (#1203) - Excel induced macro code Arbitary code execution from remote system misusing...
Theattacker-Crypter (#1247) - Tool to evade Antivirus With Different Techniques.
TheFatRat (#754) - TheFatRat is an exploiting tool which compiles a malware with famous payload,...
Tmux (#1117) - Tmux is a terminal multiplexer !!.
Tool NiceName (#1136) - Tunneling over websocket protocol - Static binary available.
Tracey-Backdoor V2 (#1180) - A Reverse Shell Backdoor made in Python OOP. It is supposed to work in...
UAC-Exploit (#1088) - Presenting an exploit method that bypasses the admin access confirmation...
usbkill (#992) - « usbkill » is an anti-forensic kill-switch that waits for a change on...
VDR - Vulnerable Driver Research (#1647) - Vulnerable driver research tool, result and exploit PoCs.
voipire (#1797) - Voipire scans and exploits the RTP bleed vulnerability.
WebRecon2 (#1225) - WebRecon2 is another Website-reconnaissance tool, It uses the best tools...
WebSieve (#1110) - Extract Unique URLs from a Webpage.
wezterm (#1763) - A GPU-accelerated cross-platform terminal emulator and multiplexer written...
What is this browser? (#1209) - From a simple User-Agent, it tells you what might be the browser, version...
WhatMail (#1289) - A command-line tool that analyzes the header of an email and provides detailed...
whatsapp-osint (#1134) - Logs online/offline events from ANYONE in the world.
WiFi Exploitation Framework_ (#1248) - Wi-Fi Exploitation Framework.
Windows-Local-Privilege-Escalation-Cookbook (#1729) - Windows Local Privilege Escalation Cookbook.
Wolfy (#1172) - Wolfy is a tool which bypass AVs by using a crypter + the tool Condor from...
WordSteal (#1768) - This script will create a POC that will steal NTML hashes from a remote...
XSS-Automation-Tool (#1184) - XSS automation tool helps hackers identify and exploit cross-site scripting.
XSS-Callback (#1205) - XSS Callback is a tool allowing you to exploit XSS vulnerabilities.
XSS-exploit (#1204) - XSS Injection based keylogger.
xsshuntertest (#1057) - The fastest way to set up XSS Hunter to test and find blind cross-site...
XssPy (#1236) - XssPy - Web Application XSS Scanner.
xsubfind3r (#1497) - xsubfind3r is a command-line interface (CLI) based passive subdomain discovery...
Yara (#719) - The pattern matching swiss knife for malware researchers.
Zeus (#728) - Powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening...