Take it like a gift

merlin
merlin

Cross-platform post-exploitation HTTP/2 Command & Control server and agent.

Commando VM
Commando VM

Fully customizable Windows-based pentesting virtual machine distribution.

GitHacker
GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

HARpwn
HARpwn

Designed to streamline the extraction and sanitization of HARTokens from HTTP archives.

CMSmap
CMSmap

CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

FindUncommonShares
FindUncommonShares

Quickly find uncommon shares in vast Windows domains.

docem
docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

Ettercap
Ettercap

Free and open source network security tool for man-in-the-middle attacks on a LAN.

Burp NTLM Challenge Decoder
Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

CloudRecon
CloudRecon

Finding assets and subdomains from certificates! Scan the web!

ExifTool
ExifTool

ExifTool meta information reader/writer.

Ghauri
Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

fastsub
fastsub

A DNS bruteforcer with multi-threading, and handling of bad resolvers.

gateway-finder
gateway-finder

Identify routers on the local LAN and paths to the Internet.

fingerprintx
fingerprintx

Standalone utility for service discovery on open ports!