#
pentest
Here are 507 public repositories matching this topic...
Web path scanner
python
security
scanner
hacking
bruteforce
penetration-testing
bug-bounty
fuzzing
pentesting
pentest
fuzzer
appsec
dirsearch
dirbuster
scanner-web
-
Updated
May 7, 2020 - Python
jhertz
commented
Apr 17, 2020
Hi All,
So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:
hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin
I see the following r
roadmap
hacking
penetration-testing
post-exploitation
vulnerabilities
pentest
exploitation
hacking-tool
frameworks
information-gathering
web-hacking
hacktools
-
Updated
Apr 12, 2020
Automated pentest framework for offensive security experts
dns
osint
scanner
nuke
hacking
subnet
shellshock
vulnerability
pentesting
scans
recon
vulnerabilities
bugbounty
pentest
automated
kali-linux
metasploit
sn1per
sn1per-professional
xerosecurity
-
Updated
Jun 11, 2020 - Shell
A list of resources for those interested in getting started in bug bounties
-
Updated
Jun 14, 2020
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
database
apt
exploit
scanner
hacking
password
poc
brute-force
pentest
bypass
crack
privilege-escalation
0day
getshell
netscan
rar-mysql
-
Updated
Jun 8, 2020 - PowerShell
A curated list of awesome infosec courses and training resources.
-
Updated
May 14, 2020
Techbrunch
commented
Apr 19, 2020
According to the documentation in the wiki:
Frida scripts loaded with the import command are also run as jobs automatically
Describe the bug
When loading a script with the import command, the script is successfully loaded but no jobs is created.
To Reproduce
- import test.js
- jobs list
Expected behavior
The job should be listed when running jobs list
**E
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Jun 9, 2020 - Ruby
Git All the Payloads! A collection of web attack payloads.
-
Updated
Apr 6, 2019 - Shell
nixawk
commented
Nov 30, 2017
default creds:
guest/guest
Try to access http://target.com:15672/ with your browser, and login with the creds. If it is on, please disable it with the following method.
$ rabbitmq-plugins disable rabbit
Myppomeu
commented
Oct 29, 2016
If I install dependencies listed in patator.py and compile with information from README.md, I still need to install python and all dependencies to use exe file.
Whats the matter compile it, if it does not contains all dependencies?
Collection of the cheat sheets useful for pentesting
-
Updated
Feb 13, 2020
XSS'OR - Hack with JavaScript.
-
Updated
Feb 5, 2020 - JavaScript
大型内网渗透扫描器&Cobalt Strike,Ladon6.6内置74个模块,包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列,密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
security
tools
hack
exploit
scanner
hacking
password
poc
brute-force
pentest
portscan
security-scanner
exp
security-tools
ladon
ipscanner
getshell
netscan
-
Updated
Jun 7, 2020 - C#
minanagehsalalma
commented
Mar 16, 2019
so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)
SSRF (Server Side Request Forgery) testing resources
-
Updated
May 25, 2020 - Python
A powerful and useful hacker dictionary builder for a brute-force attack
password-generator
hacking
bruteforce
wordlist
brute-force
pentesting
weak-passwords
pentest
wordlist-generator
password-cracker
hackertools
social-engineering-attacks
blasting
bruteforce-password-cracker
password-wordlist
hacker-dictionary-builder
-
Updated
Jan 10, 2020 - Python
Ashrith-Shetty
commented
Apr 23, 2020
On running python setup.py develop a ModuleNotFoundError is thrown.
We have to manually install the following Modules Tornado, PyYAML, Six.
This issue is present in both manual and docker installation process
Expected Behavior
The ultimate WinRM shell for hacking/pentesting
ruby
shell
docker
pentesting-windows
hacking
kerberos
pentesting
winrm
pentest
pass-the-hash
remote-management
win-rm
evil-winrm
-
Updated
Jun 9, 2020 - Ruby
Automatic SSRF fuzzer and exploitation tool
-
Updated
Jan 28, 2020 - Python
Collection of quality safety articles
github
java
dns
security
list
research
web
hacking
waf
xss
bug-bounty
src
pentest
hacker
acknowledgments
fuzz
sec
ruby-programs
xxe
websec
redteam
bounty-hunters
quality-safety-articles
-
Updated
Jun 5, 2020
A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
backdoor
powershell
persistence
malware
phishing
hacking
smile
scam
spoofing
pentest
kali-linux
avs
hacking-tool
anti-forensics
windows-hacking
execution-policy-bypass
social-engineering
uac-bypass
kill-antivirus
runas
dr0p1t
-
Updated
Nov 3, 2018 - Python
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan (py2) in scripts folder. Py3 port coming. Custom ISO coming.
-
Updated
Apr 8, 2020 - C
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
-
Updated
Feb 24, 2020 - Python
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
python
tools
cdn
detection
waf
fingerprint
python3
identification
scan-tool
pentest
portscan
port-scanning
security-tools
directory-scanning
poc-scanning
website-fingerprint
fingerprint-recognition-error
-
Updated
Jan 2, 2020 - Python
Improve this page
Add a description, image, and links to the pentest topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the pentest topic, visit your repo's landing page and select "manage topics."
It would be great if we add solution to each section that protects your code/server.
For example a PHP script that sanitises request strings against all attacks