Villain
Backdoor generator and multi-session handler for session sharing among connected sibling servers.
hoaxshell
Windows reverse shell payload generator and handler that abuses the http(s) protocol.
Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.
mapcidr
Small utility program to perform multiple operations for given subnet/CIDR ranges.
proxify
Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.
DNSProbe
Allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Locksmith
Detect and fix common misconfigurations in Active Directory Certificate Services.
GeoWordlists
Generate wordlists of passwords containing cities at a defined distance around the client city.
Amnesiac
Post-exploitation framework designed to assist with lateral movement within Active Directory.
ThievingFox
Post-exploitation tools to gather credentials from various password managers and Windows utilities.
Donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files.
Damn Vulnerable RESTaurant
An intentionally vulnerable web API game for learning and training purposes.
Seatbelt
Performs security oriented safety checks relevant from offensive/defensive security perspectives.
Invoke-ACLPwn
Automates the discovery and pwnage of ACLs in Active Directory that are unsafely configured.
WebCopilot
Automation tool designed to enumerate subdomains and detect bugs using different open-source tools.
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.
DVenom
Helps to bypass antiviruses by providing an encryption wrapper and loader for your shellcode.
MetaDetective
Unleash metadata intelligence, bridging the chasm in metadata extraction and analysis.
GTFONow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
moonwalk-back
Cover your tracks during Linux exploitation by leaving zero traces on the exploited system.
ShuckNT
Downgrade, convert, dissect and shuck authentication tokens based on the Data Encryption Standard.
Lookyloo
Allows users to capture a website page and then display a tree of domains that call each other.
HackTricks
Find tricks/techniques/whatever learnt from CTFs, real life apps, reading research, and news.
ThreatMapper
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
ImHex
Hex editor for reverse engineers, programmers and people who value their retinas when working at 3am.
mvt
Helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
changedetection.io
Page change monitoring with alerts made a breeze, the best way to monitor website changes.
twint
Twitter scraping & OSINT tool allowing you to scrape a user's followers, following, tweets and more.
Osintgram
An interactive shell to perform analysis on the Instagram account of any user by its nickname.
Infection Monkey
Test a data center's resiliency to perimeter breaches and internal server infection.
NetExec
Network service exploitation tool that helps automate assessing the security of large networks.
TrafficWatch
A packet sniffer tool that allows you to monitor and analyze network traffic from PCAP files.
CyberSec Quizzes
Test your knowledge on cyber security and practice for industry recognised certifications.
CloudFlair
Find origin servers of websites behind Cloudflare by using Internet-wide scan data from Censys.
ILSpy
.NET decompiler with support for PDB generation, ReadyToRun, Metadata (& more) - cross-platform!
HasMySecretLeaked
Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.
bbradar.io
Fetches latest bug bounty programs from many platforms and consolidates them in one place.
Redacted Request
Enhance the security and confidentiality of HTTP request handling within the Burp Suite.
Burp-Encode-IP
Burp Suite extension to encode an IP address focused to bypass application IP/domain blacklist.
wifi-bruteforcer-fsecurify
Android application to brute force WiFi passwords without requiring a rooted device.
droopescan
A plugin-based scanner that aids security researchers in identifying issues with several CMSs.
wordlistgen
Quickly generate context-specific wordlists for content discovery from lists of URLs or paths.
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...
GatherContacts
Burp Suite extension to pull employee names from Google and Bing LinkedIn search results.
Cake Fuzzer
Cutting-edge project designed to automate the continuous discovery of vulnerabilities in webapps.
Empire
Post-exploitation and adversary emulation framework that is used to aid Red Teams and pentesters.
Damn Vulnerable Bank
A vulnerable Android application with an interface to test your mobile hacking skills.
Synergy-httpx
Http(s) server designed to host resources dynamically or act as a receiver for POST data intercepts.
P4wnP1 A.L.O.A.
Turn a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming or PE.
proxmark3
RFID tool designed to snoop, listen and emulate everything from Low to High Frequency tags.
pwnat
Punch holes through firewalls/NATs where both clients and servers can be behind separate NATs.
egressbuster
Check egress filtering and identify if ports are allowed to automatically spawn a shell.
smbcrawler
No-nonsense tool that takes credentials and a list of hosts and crawls through those shares.
GTFOBins
Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Sshimpanzee
Reverse shell based on sshd supporting DNS and ICMP tunnelling as well as HTTP and Socks proxies.
JNDI-Injection-Exploit
Generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities.
appmon
Framework for monitoring and tampering system API calls of native macOS, iOS and android apps.
talisman
Validate the outgoing changeset for things that look suspicious such as tokens, passwords and keys.
postmaniac
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.
Blacklist3r
Identify usage of pre-shared Machine Keys in an application for encryption and decryption.
XXElixir
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
The PenTesters Framework
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.
nuclei-wordfence-cve
Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.
Kscan
Kscan is an all-round scanner developed purely in Go, with functions such as port scanning, protocol.
deps.dev
Better understand the structure, construction, and security of open source software packages.
Ghostbuster
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
hakip2host
Takes a list of IP addresses then does a series of checks to return associated domain names.
hakfindinternaldomains
Feed it a list of subdomains, it will resolve them and tell you which ones are internal.
The Time Machine
Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.
s3cXSSer
This extension will help you to detect GET/POST based XSS vulnerability in any website easily.
Go365
Go365 performs user enumeration and password guessing attacks on organizations that use Office365.
svn-extractor
Simple script to extract all web resources by means of .SVN folder exposed over network.
Kubestroyer
Exploit Kubernetes cluster misconfigurations and be the Swiss Army knife of your pentests.
XSS Hunter
The fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities.
autowpscan
An automated tool that scans a list of multiple WordPress websites at once.
GPT_Vuln-Analyzer
A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.
wmiexec-Pro
The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.
SocialPwned
Allows you to get a target's emails published on social networks to find possible credentials.
AWS Sensitive Permissions
This script enumerates the permissions of all the AWS principals of an account.
phpsploit
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.
Athena OS
Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
SecretFinder
SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.
JSpector
Burp Suite extension to crawl JS files in passive mode and display the results on the issues.
ffufPostprocessing
Golang tool which helps dropping the irrelevant entries from your ffuf result file.
CarbonCopy
Creates a spoofed certificate of any online website and signs an executable for AV evasion.
Invoke-PSImage
Encodes a PowerShell script in the pixels of a PNG file and generates a one-liner to execute.
SSRFPwned
Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.
securityonion
Free and open platform for threat hunting, enterprise security monitoring, and log management.
EAPHammer
Targeted attacks against WPA2-Enterprise networks, wireless pivots using hostile portal attacks.
GCPBucketBrute
Enumerate Google Storage buckets, check the access and if they can be privilege escalated.
jsfinder
Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.
WebInspect
An automated dynamic testing solution that provides comprehensive vulnerability detection.
RedTeam_toolkit
Open source Django offensive webapp which keeps the best tools used in red teaming.
Vajra
UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.
TrevorC2
A legitimate website that tunnels client/server communications for covert command execution.
Pentest Mapper
Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.
SpoolSploit
Collection of Windows print spooler exploits and other utilities for practical exploitation.
undetected-chromedriver
Optimized Selenium Chromedriver patch which does not trigger anti-bot services.
ggshield
Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.
Qualys Cloud Platform
The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.
GitHacker
A Git source leak exploit tool that restores the entire Git repository, including data from stash.
Nosey Parker
Command-line tool that finds secrets and sensitive information in textual data and Git history.
Offensive-Azure
Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.
Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.
Oculus
OSINT tool used to discover environments, directories, and subdomains of a particular domain.
DirBuster
Multi-threaded application to brute force directory and file names on web/application servers.
Highlighter and Extractor
Collect, categorize and highlight requests and/or responses according to their content.
Windows Exploit Suggester
Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.
Nessus database export
Export Nessus results to a relational database for use in reports, analysis, or whatever else.
Runtime Mobile Security
A powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
padding-oracle-attacker
Execute padding oracle attacks with support for concurrent network requests and an elegant UI.
SweetPotato
A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.
eLdap-Ldap-Search-and-Filter
A tool that helps users search and filter queries in an LDAP environment.
burp-exporter
Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.
Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.
differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters.
Yet Another Sniffer
A network analyzer that makes it easy to extract information about network traffic.
JWTweak
Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.
gitscraper
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.
H1 Report Finder
A Burp Suite extension to find security reports published on HackerOne based on the selected host.
DependencyCheck
Utility that detects publicly disclosed vulnerabilities in application dependencies.
RsaCtfTool
RSA multi-attacks tool: uncipher data from a weak public key and try to recover a private key.
BurpSuiteHTTPSmuggler
A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.
Burp NTLM Challenge Decoder
Burp extension to decode NTLM SSP headers and extract domain/host information.
Dangerous Methods
A Burp Suite extension for finding the use of potentially dangerous methods/functions.
Domain Analyzer
Analyze the security of any domain by finding all the information possible. Made in Python.
Freddy Deserialization Bug Finder
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.
SSH PuTTY login bruteforcer
A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.
AutoRecon
Multi-threaded network reconnaissance tool which performs automated enumeration of services.
SqlmapDnsCollaborator
Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.
Java Deserialization Scanner
All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.
Cross-site scripting cheat sheet
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.
Dastardly Scan Action
Runs a scan using Dastardly by Burp Suite against a target site and generates a report.
scan-check-builder
Burp Suite extension which helps to improve the active and passive scanner by yourself.
Collaborator Everywhere
Burp Suite extension which injects non-invasive headers to reveal backend systems.
HTTP Request Smuggler
Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.
PortSwigger Cross-Site Scripting cheatsheet data
All the XSS cheatsheet data to allow contributions from the community.
SecLists
Collection of multiple types of lists used during security assessments, collected in one place.
Headless Burp
Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.
bounty-targets-data
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.
BlackWidow
Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
SearchSploit
CLI tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.
mass-s3-bucket-tester
Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.
Burp-AnonymousCloud
Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.
S3 Objects Check
Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
WPSpider
A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.
Default Credentials Cheat Sheet
One place for all the default credentials to assist in finding devices with default passwords.
XSSwagger
A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.
Shadow Workers
C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.
Xss-Sql-Fuzz
Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.
XSSer
Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
xssValidator
A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.
Ground control
A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
Evil SQL Client
Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.
lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.
gaussrf
Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.
Extended SSRF search
Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.
Turbo Intruder
Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
IntruderPayloads
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
param-miner
Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.
FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.
WitnessMe
Web Inventory tool, takes screenshots and provides some extra bells & whistles to make life easier.
brutesubs
Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.
Substr3am
Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.
Censys Enumeration
Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
Censys subdomain finder
Perform subdomain enumeration using the certificate transparency logs from Censys.
The Social-Engineer Toolkit
Open-source penetration testing framework designed for social engineering.
bettercap
The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
BeEF
The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.
crunch
Wordlist generator where you can specify a character set or any set of characters to be used.
reconFTW
Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.
Rengine
Automated reconnaissance framework for webapps, highly configurable streamlined recon process.
Masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
EyeWitness
Take screenshots of websites, provide server header info and identify default credentials.
CloudFail
Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.
hakrawler
Simple, fast web crawler designed for discovery of endpoints and assets within a web application.
Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.