resources
Domain Names
- A fast sub domain brute tool for pentesters
- Subdomain enumeration tool, asynchronous DNS packets, use pcap to scan 1,600,000 subdomains in 1 second
- Fast subdomains enumeration tool for penetration testers
- 👊 OneForAll is a powerful subdomain integration tool
Google Hacking
- Google Hack Database
- SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project
- A Python Tool For Google Hacking
- uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.
- pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching.
Github
- 🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind.
- gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.
- Tool for advanced mining for content on Github.
- Reconnaissance tool for GitHub organizations.
SVN
Port Scan
OSINT
Fuzzing
Vulnerability Scanner
CMS & Framework Identification
Online Tools
Web Applications Proxies
Web Browser Extension
Web Crawlers & Directory Brute Force
Docker Scanners
Wireless Tools
Vulnerability Search
Cross-site Scripting (XSS)
SQL Injection
Command Injection
File Include
File Upload vulnerability
XML External Entity Attack (XXE)
Cross-site request forgery (CSRF)
Exploit Framework
Machine Learning
Automate
Shell
Web Shell
PHP
Chopper kind Webshell
Chopper
Tips: These tools come from the internet and have not been checked for backdoors; use them at your own discretion.
Privilege Escalation Auxiliary
C2
Tips: Golang is an excellent cross-platform language for security.
Vulnerability application
Simulation Range
- Support for SVN source code disclosure of full version and Dump it.
- SvnHack is a SVN folder disclosure exploit.
- Free and open source utility for network discovery and security auditing
- TCP port scanner, spews SYN packets asynchronously
- Common service ports and exploitations
- Attack surface mapping
- Interactive Network Scanner
- 🚀 Fast Port Scanner 🚀
- 🤖 The Modern Port Scanner 🤖
- E-mails, subdomains and names Harvester - OSINT
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- Tool to find metadata and hidden information in the documents.
- In-depth Attack Surface Mapping and Asset Discovery
- Perform subdomain enumeration using the certificate transparency logs from Censys.
- Email addresses harvester
- The Last Web Recon Tool You'll Need.
- Information gathering (OSINT) on a person (EU)
- Open-Source Phishing Toolkit
- This is Advance Phishing Tool ! OTP PHISHING
- Educational Phishing Tool & Information Collector
- An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
- Advanced Phishing tool for Linux & Termux
- Struts2 vulnerability detection and utilization tools
- Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items
- Web application attack and audit framework, the open source web vulnerability scanner
- The world's most advanced Open Source vulnerability scanner and manager
- Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
- Web application vulnerability scanner
- Web Application Security Scanner Framework
- Fast and customizable vulnerability scanner based on simple YAML based DSL.
- A passive-vulnerability-scanner Tool.
- CMS vulnerability detection framework
- Next generation web scanner
- Cross-platform utility that uncovers the technologies used on websites
- A free browser extension that helps you identify technologies used on any website at the click of a button (Just for chrome)
- CMS Detection and Exploit Kit based on Whatcms.org API
- CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
- Online website to find the CMS footprint
- A simple online fingerprint identification system that supports hundreds of cms source code recognition
- CMS Detection and Exploit Kit website Whatcms.org
- An online tool to get information about a website
- Fingerprinter Tool from TideSec Team
- Burpsuite is a graphical tool for testing Web application security
- One of the world’s most popular free security tools
- An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- An HTTP/HTTPS intercept proxy written in Go.
- The all-in-one Red Team extension for Web Pentester 🛠
- Multi-thread WEB directory blasting tool (with dics inside)
- DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers
- open source network security vulnerability scanner, it comes with multiple functions.
- The patrol is a rapid emergency response and cruise scanning system for enterprise intranets
- Nmap Web Dashboard and Reporting
- Hydra is a parallelized login cracker which supports numerous protocols to attack
- Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer
- Network Infrastructure Penetration Testing Tool
- World's fastest and most advanced password recovery utility
- Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
- Decrypt passwords/cookies/history/bookmarks from the browser
- Fern-Wifi-Cracker is designed to be used in testing and discovering flaws in one's own network with the aim of fixing the flaws detected
- OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows
- Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities
- The official Exploit Database repository
- Command line utility for searching and downloading exploits
- The Browser Exploitation Framework Project
- XSS Receiver platform without SQL
- XSS'OR - Hack with JavaScript.
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
- Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
- An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework
- Automatic SQL injection and database takeover tool
- A friend of SQLmap which will do what you always expected from SQLmap
- Automatic SQL injection with Charles and sqlmap api
- Automated All-in-One OS command injection and exploitation tool
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- Kadimus is a tool to check sites for LFI vulnerability, and also exploit it
- Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities
- LFIter2 Local File Include (LFI) Tool - Auto File Extractor & Username Bruteforcer
- File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
- File upload vulnerability scanner and exploitation tool
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods
- A tool for embedding XXE/XML exploits into different filetypes
- Deemon is a tool to detect CSRF in web application
- Pentest Over Concurrent Toolkit
- Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team
- The world’s most used penetration testing framework
- Shellcode generator/compiler/handler (metasploit)
- Empire is a PowerShell and Python post-exploitation agent
- Koadic C3 COM Command & Control - JScript RAT
- metasploit-framework UI manager Tools
- gui tool to create normal payload by msfvenom
- Fully automatic penetration test tool using Machine Learning
- GyoiThon is a growing penetration test tool using Machine Learning
- Fully automatically generate numerous injection codes for web application assessment
- Automated Mass Exploiter
- Automation for internal Windows Penetration Test / AD-Security
- Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems.
- Cain & Abel is a password recovery tool for Microsoft Operating Systems.
- Generate reverse shells in command line with Go !
- Python script written to automate the process of generating various reverse shells.
- Automatically spawn a reverse shell fully interactive for Linux or Windows victim
- Generate reverse shells for Red Team
- Powerful Bash-style command line editing for cmd.exe
- A webshell framework for penetration testers.
- Collection of reverse shells
- PHP Webshell with handy features
- Advanced Web Shell
- Weaponized web shell
Link: Password: v71d
- AntSword is a cross-platform website management toolkit
- The cross platform webshell tool in java
Link: Password: hjrh
- The cross platform webshell tool in .NET
- dynamic binary encryption webshell management client
- a Java tool to encrypt network traffic
- This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target
- windows-kernel-exploits
- Next-Generation Linux Kernel Exploit Suggester
- linux-kernel-exploits Linux
- Privilege Escalation Project - Windows / Linux / Mac
- Linux Privilege Escalation Tool By WazeHell
- Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
- DeimosC2 is a Golang command and control framework for post-exploitation.
- Implant framework
- Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈
- A post exploitation framework designed to operate covertly on heavily monitored environments (Win8, Win10)
- Covenant is a collaborative .NET C2 framework for red teamers.
- linux post-exploitation framework made by linux user
- A fast port scanner written in go with focus on reliability and simplicity.
- A high concurrency network scanning and service detection tool developed by golang.
- Open-source pentesting management and automation platform by Salesforce Product Security
- Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!
- cloc counts blank lines, comment lines, and physical lines of source code in many programming languages
- Source Code Security Audit
- Cobra for white hat
- Grep rough audit - source code auditing tool
- A static source code analyser for vulnerabilities in PHP scripts
- Tool for tunnel
- Tool for tunnel (Version 2)
- A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
- A lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
- A high-performance, full-featured, cross platform proxy server
- The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
- A Multi-hop Proxy for Penetration Testers
- 👻 Stowaway -- Multi-hop Proxy Tool for pentesters
- Manage remote systems with ease.
- BEURK Experimental Unix RootKit
- LD_PRELOAD Linux rootkit (x86 & ARM)
- Open-source, cross-platform, multi-purpose security auditing tool
- Damn Vulnerable Web Application (DVWA)
- WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
- DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes
- Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
- XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
- A buggy web application with more than 100 vulnerabilities
- SQLI labs to test error based, Blind boolean based, Time based
- Hack your friend's online MMORPG game - specific focus, sql injection opportunities
- Small set of scripts to practice exploit XSS and CSRF vulnerabilities
- Lab for exploring SSRF vulnerabilities
- This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
- Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
- A collection of web pages, vulnerable to command injection flaws
- Damn Vulnerable File Upload V 1.1
- A summary of all types of uploading vulnerabilities for you
- An XXE vulnerability demo containing language versions such as PHP, Java, Python, C#, etc
- A Network Playground for 《Foundations of Python Network Programming》
- The Open-Source AWS Cyber Range