hydra

Fully automated offensive security framework for reconnaissance and vulnerability scanning

OneForAll是一款功能强大的子域收集工具

The LAZY script will make your life easier, and of course faster.

A high performance offensive security tool for reconnaissance and vulnerability scanning

XSS'OR - Hack with JavaScript.

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

SSRF (Server Side Request Forgery) testing resources

iOS/macOS/Linux Remote Administration Tool

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Penetration Testing Platform

Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Venom - A Multi-hop Proxy for Penetration Testers

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

ODAT: Oracle Database Attacking Tool

Automation for internal Windows Penetrationtest / AD-Security

Find exploit tool

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Wordpress Attack Suite

MSDAT: Microsoft SQL Database Attacking Tool

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Privilege Escalation Enumeration Script for Windows

Hacking Toolkit