ko-kn3t Goto Github PK

perl-reverse-shell

phonesploit

Using open Adb ports we can exploit a Andriod Device

privilege-escalation

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

privilege-escalation-awesome-scripts-suite

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

proxychains

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.

pspy

Monitor linux processes without root permissions

pwnkit

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

python-pty-shells

Python PTY backdoors - full PTY or nothing!

reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

rms-runtime-mobile-security

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

sam-the-admin

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

saycheese

Grab target's webcam shots by link

scanandroidxml

Identifies vulnerabilities in network_security_config.xml, AndroidManifest.xml and if Firebase URL are accessible publicly

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

smbmap

SMBMap is a handy SMB enumeration tool

sn1per

Automated pentest framework for offensive security experts

sparta

Network Infrastructure Penetration Testing Tool

spring-spel-0day-poc

spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP

sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

startbootstrap-grayscale

A multipurpose one page Bootstrap theme created by Start Bootstrap

sudo_killer

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

tamatebako

A repository for things not quite big enough to warrant their own repository.

tcm-security-sample-pentest-report

Sample pentest report provided by TCM Security

tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

useful-tools-for-pentest

Some of useful tools and command for pentesting

web-shells

Some of the best web shells that you might need

webapp

Sample Web App with Maven for Jenkins Demo

webcgi-exploits

Multi-language web CGI interfaces exploits.

wesng

Windows Exploit Suggester - Next Generation