Giter Site home page Giter Site logo

aidanfray / pentesting_tools Goto Github PK

View Code? Open in Web Editor NEW
4.0 2.0 6.0 123.38 MB

Personal collection of scripts and pen' testing tools

Shell 22.04% PHP 0.34% PowerShell 52.56% Python 6.60% Perl 2.56% Ruby 15.90%
pentesting penetration-testing oscp

pentesting_tools's Introduction

Pentesting Tools

Personal collection of scripts and pen testing tools

Interesting Links

gtfobins

List of UNIX binaries that can be used to escape low privileged shells. Website can be used to search for interesting binaries and includes code snippets.

LOLBAS

List of Windows based exe and dlls that can be used to perform certain actions of a Windows system.

PayloadAllTheThings

Github repo containing a organised set of payloads. Very usful to find expolits for an enumerated service.

Pentesting Cheat Sheet

Cheat sheet containing the enumeration basic.

CyberChef

List of 'recipes' used to convert and minipulate text.

Ippsec Rocks

Search tool to look through historic boxes covered by Ippsec.

Reverse Shell Cheat Sheets

List of reverse shell commands for various languages.

HighOnCoffee

Pentest Monkey

Static binaries

List of static binaries that can be used to easily place on a target system.

https://github.com/andrew-d/static-binaries/tree/master/binaries

Creating my own python static binaries with pyinstaller:

pyinstaller --onefile <script>.py

Note: any missing imports can be added using --hidden-import. This may be required for some large scripts

Web-based Tools

Enumeration

Wappalyzer

Browser extension used to discover tech used on a website.

Passwords

Zip Cracker

Attempts to crack zip files protected with weak passwords

CrackStation

Used to search a huge online records of hashes. Used to quickly crack hashes of weak passwords.

Crypto

Wordpress Password Hasher

Used to create hashes for any provided string. This is useful when write access is avaliable for the database of a Wordpress service.

PEM file decoder

Breaks down a cert file into its key file parts

Stego (More useful in CTFs)

Forensicly

Web image forensice investigation tool

Sonic Visualiser

Non-web based tool used for viewing and analysing the contents of music audio files.

Hidden Unicode

Used to display non-visible unicode characters

OSINT

Leaked Passwords

https://leak-lookup.com

https://weleakinfo.com/

Used to search online records for leaked password email combinations. Can exploit common re-use of passwords between accounts.

Phishing

Fail Mailer

Tool allows easy SMTP header spoofing to impersonate any sender. This is normally filtered out by spam filters but can be used on smaller targets.

Infrastructure

PostBin

Tool that allows easy viewing of all redirected requests. This can be used as the endpoint of an XSS attack to view authentication cookies etc.

Temporary Email

Useful mostly for signing up to services but can be used a temporary email endpoint.

Temporary SMS

Similary use-case for temporary email.

Misc

Online OCR

Used to convert an assortment of documents to a editable text format.

Shodan

Search engine for vulnerable IoT devices.

CTF

DTMF Tones

Online Tone Generator

Detect DTMF Tones

RSA

Factor DB

Integer Factorisation

RSA Step-by-step

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.