#passwords
ThievingFox
Post-exploitation tools to gather credentials from various password managers and Windows utilities.
Infection Monkey
Test a data center's resiliency to perimeter breaches and internal server infection.
HasMySecretLeaked
Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.
wifi-bruteforcer-fsecurify
Android application to brute force WiFi passwords without requiring a rooted device.
Go365
Go365 performs user enumeration and password guessing attacks on organizations that use Office365.
SocialPwned
Allows to get the emails from a target published in social networks to find possible credentials.
Vajra
UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.
ggshield
Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.
padding-oracle-attacker
Execute padding oracle attacks with support for concurrent network requests and an elegant UI.
JWTweak
Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.
SSH PuTTY login bruteforcer
A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.
SecLists
Collection of multiple types of lists used during security assessments, collected in one place.
Default Credentials Cheat Sheet
One place for all the default credentials to assist on finding devices with default password.
crunch
Wordlist generator where you can specify a character set or any set of characters to be used.
EyeWitness
Take screenshots of websites, provide server header info and identify default credentials.