{{ message }}
Automatic SQL injection and database takeover tool
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Web path scanner
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Can we have a feature where a normal brute force is running based on HTTP response like 403/401 do a recursive brute force on that endpoint?
I testing bruteforce my opencart store.
this is body request:
-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="username"
^USER^
-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="password"
^PASS^
-----------------------------34237939373614592773956005873
Content-Disposition: form-dat
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
A swiss army knife for pentesting networks
Directory/File, DNS and VHost busting tool written in Go
RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.
Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:
[!][~][>]| {}If any of these characters appear in any of the tests, fail the CI. E
Attack Surface Management Platform | Sn1perSecurity LLC
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Web Pentesting Fuzz 字典,一个就够了。
What would you like added?
Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.
The usage of CPE naming is
This is a multi-use bash script for Linux systems to audit wireless networks.
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Next generation web scanner
Hey, here we need add url decoding cuz that invalid link with symbols of get request like ?, &, = etc
p.s thx for awesome tool
A Workflow Engine for Offensive Security
Collaborative Penetration Test and Vulnerability Management Platform
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
The LAZY script will make your life easier, and of course faster.
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."
Hey Hackers of this spoopy month!👻
Welcome to the Ciphey repo(s)!
This issue requires you to add a decoder.
This wiki section walks you through EVERYTHING you need to know, and we've added some more links at the bottom of this issue to detail more about the decoder.
https://github.com/Ciphey/Ciphey/wiki#adding-your-own-crackers--decoders
https://www.dcode.fr/t9-cipher
https://en.wikipe