bnder1 Goto Github PK

robotsdisallowed

A curated list of the most common and most interesting robots.txt disallowed directories.

rogue-jndi

A malicious LDAP server for JNDI injection attacks

salsa-tools

Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched

scorecard

Security Scorecards - Security health metrics for Open Source

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

send

:mailbox_with_mail: Simple, private file sharing. Mirror of https://gitlab.com/timvisee/send

shodan-scan-wrapper

Python3 script that wraps Shodan CLI - it resolves a domain to an IP and then performs a scan

smbmap

SMBMap is a handy SMB enumeration tool

snaffler

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

social-engineer-toolkit

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

socialfish

Educational Phishing Tool & Information Collector

splunkwhisperer2

Local privilege escalation, or remote code execution, through Splunk Universal Forwarder (UF) misconfigurations

ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps

streamrip

A scriptable music downloader for Qobuz, Tidal, SoundCloud, and Deezer

superlogout.github.io

Most likely the most secured page in the world

template

test

the-hacker-recipes

This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.

theharvester

E-mails, subdomains and names Harvester - OSINT

thezoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

tpotce

🍯 T-Pot - The All In One Honeypot Platform 🐝

trojan

An unidentifiable mechanism that helps you bypass GFW.

twint

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

username_generator

A Burp Extension that parses emails from HTTP content and can optionally generate usernames.

vajra

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.

volatility

An advanced memory forensics framework

wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

wargaming-challenges

Wargaming challenges write-ups

whatweb

Next generation web scanner