Automatic SQL injection and database takeover tool
-
Updated
Oct 27, 2020 - Python
#
pentesting
Here are 1,396 public repositories matching this topic...
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
windows
linux
awesome
osint
malware
hacking
resources
sql-injection
csrf
awesome-list
pentesting
malware-analysis
bugbounty
kali-linux
hacking-tool
dork
information-gathering
xxe
redteam
osint-resources
-
Updated
Oct 26, 2020
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
android
python
windows
linux
shell
backdoor
reverse-shell
rat
pentesting
post-exploitation
remote-access
payload
mac-os
meterpreter
pupy
reflective-injection
remote-admin-tool
-
Updated
Oct 27, 2020 - Python
Open
Add Braille Decoder
9
bee-san
commented
Sep 29, 2020
Hello spoooopyyy hackers
This is a Hacktoberfest only issue!
Find our contributing guidelines here, this walks you through how to add a decoder / cracker!
https://github.com/Ciphey/Ciphey/wiki#adding-your-own-crackers--decoders
Don't worry if it looks hard, we will walk you through everything! :)
Write this issue in Python!
Links
These links will
Web path scanner
python
security
scanner
hacking
bruteforce
penetration-testing
bug-bounty
fuzzing
pentesting
pentest
fuzzer
appsec
hacktoberfest
dirsearch
dirbuster
scanner-web
hacktoberfest2020
-
Updated
Oct 27, 2020 - Python
A collection of open source and commercial tools that aid in red team operations.
-
Updated
Sep 1, 2020
jhertz
commented
Apr 17, 2020
Hi All,
So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:
hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin
I see the following r
A swiss army knife for pentesting networks
-
Updated
Oct 9, 2020 - Python
Automated pentest framework for offensive security experts
dns
osint
scanner
nuke
hacking
subnet
shellshock
vulnerability
pentesting
scans
recon
vulnerabilities
bugbounty
pentest
automated
kali-linux
metasploit
sn1per
sn1per-professional
xerosecurity
-
Updated
Oct 21, 2020 - Shell
cnotin
commented
Oct 25, 2020
⭐ Challenge idea
Description
I notice that the Cards API returns the full credit card number, while the UI only shows the last digits
Underlying vulnerabilities
- entire card storage -> PCI/DSS
- returning more info than what's displayed
Expected difficulty
|
|:------------------------
Directory/File, DNS and VHost busting tool written in Go
-
Updated
Oct 27, 2020 - Go
An Information Security Reference That Doesn't Suck
windows
linux
osx
reverse-engineering
hacking
forensics
penetration-testing
infosec
pentesting
references
information-security
privilege-escalation
exfiltration
infosec-reference
red-team
blueteam
hacking-simulator
privilege-escalation-exploits
mitre-attack-db
-
Updated
Oct 26, 2020
x72hoor
opened
Aug 5, 2020
This is a multi-use bash script for Linux systems to audit wireless networks.
linux
bash
enterprise
security
hacking
wireless
aircrack
handshake
pentesting
denial-of-service
wps
sslstrip
beef
evil-twin
sniffing
pixie-dust
wep
5ghz
wpa-wpa2
pmkid
-
Updated
Oct 21, 2020 - Shell
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
security
security-audit
scanner
exploits
infosec
pentesting
vulnerability-detection
vulnerability-scanners
vulnerability-assessment
-
Updated
Jan 29, 2020 - Python
Collaborative Penetration Test and Vulnerability Management Platform
security
devops
chatops
security-audit
collaboration
orchestration
nmap
penetration-testing
vulnerability
infosec
pentesting
collaborative
cve
nessus
vulnerability-management
vulnerability-scanners
burpsuite
security-automation
devsecops
continuous-scanning
-
Updated
Sep 10, 2020 - JavaScript
Web Pentesting Fuzz 字典,一个就够了。
-
Updated
May 9, 2020 - Python
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Oct 6, 2020 - Ruby
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
security
awesome
hacking
cheatsheet
penetration-testing
penetration
pentesting
security-vulnerability
information-security
refresher
hacking-tool
oscp5
howto-tutorial
security-tools
oscp
penetration-test
oscp-journey
hacking-code
oscp-tools
cheatsheet-god
-
Updated
Sep 6, 2020
bee-san
commented
Oct 18, 2020
RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.
Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:
[!][~][>]| {}
If any of these characters appear in any of the tests, fail the CI. E
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
static-analysis
mobile-app
android-application
ios-app
dynamic-analysis
pentesting
reverse-engineers
network-analysis
runtime-analysis
-
Updated
Aug 30, 2020
The LAZY script will make your life easier, and of course faster.
shortcut
penetration-testing
shell-script
pentesting
wifiphisher
wpa-cracker
kali-linux
bypass-av
metasploit-framework
payload
pixie-dust
bypass-antivirus
wifi-password
wpa2-handshake
antivirus-evasion
payload-generator
sqlinjection
pentest-tool
wifi-testing
eternalblue-doublepulsar-metasploit
kali-scripts
-
Updated
Sep 19, 2020 - Shell
Wiki to collect Red Team infrastructure hardening resources
-
Updated
Mar 24, 2020
Automated All-in-One OS command injection and exploitation tool.
-
Updated
Oct 26, 2020 - Python
someshkoli
commented
Oct 23, 2020
Context
Please select one:
- I use the docker image
ullaakut/cameradar - I use my own build of the docker image
- I use the pre-compiled binary
- I use my own build of the binary
- None of the above / I don't know
Please select one:
- I use a specific version:
- I use the latest commit of the master branch
- I use the latest comm
A high performance offensive security tool for reconnaissance and vulnerability scanning
osint
scanner
hacking
enumeration
fuzzing
pentesting
offensive-security
hacking-tool
security-scanner
vulnerability-assessment
information-gathering
reconnaissance
pentest-tool
vulnerability-scanner
raccoon
-
Updated
Mar 5, 2020 - Python
minanagehsalalma
commented
Mar 16, 2019
so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)
Improve this page
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."
Add 8.7 and 8.8 for android and ios: show how you can delay the attacker or report tampering to the backend as a response to a tamper detected
8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.
8.8: The detection mechanisms trigger responses of different types, includ