Automatic SQL injection and database takeover tool
-
Updated
Oct 1, 2020 - Python
#
pentesting
Here are 1,370 public repositories matching this topic...
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
windows
linux
awesome
osint
malware
hacking
resources
sql-injection
csrf
awesome-list
pentesting
malware-analysis
bugbounty
kali-linux
hacking-tool
dork
information-gathering
xxe
redteam
osint-resources
-
Updated
Oct 4, 2020
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
android
python
windows
linux
shell
backdoor
reverse-shell
rat
pentesting
post-exploitation
remote-access
payload
mac-os
meterpreter
pupy
reflective-injection
remote-admin-tool
-
Updated
Oct 2, 2020 - Python
Open
Add Braille Decoder
9
bee-san
commented
Sep 29, 2020
Hello spoooopyyy hackers
This is a Hacktoberfest only issue!
Find our contributing guidelines here, this walks you through how to add a decoder / cracker!
https://github.com/Ciphey/Ciphey/wiki#adding-your-own-crackers--decoders
Don't worry if it looks hard, we will walk you through everything! :)
Write this issue in Python!
Links
These links will
Web path scanner
python
security
scanner
hacking
bruteforce
penetration-testing
bug-bounty
fuzzing
pentesting
pentest
fuzzer
appsec
dirsearch
dirbuster
scanner-web
-
Updated
Oct 5, 2020 - Python
A collection of open source and commercial tools that aid in red team operations.
-
Updated
Sep 1, 2020
jhertz
commented
Apr 17, 2020
Hi All,
So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:
hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin
I see the following r
A swiss army knife for pentesting networks
-
Updated
Oct 1, 2020 - Python
Automated pentest framework for offensive security experts
dns
osint
scanner
nuke
hacking
subnet
shellshock
vulnerability
pentesting
scans
recon
vulnerabilities
bugbounty
pentest
automated
kali-linux
metasploit
sn1per
sn1per-professional
xerosecurity
-
Updated
Sep 27, 2020 - Shell
PHPCore1
commented
Sep 23, 2020
🐛 Bug report
Description
You can use UI-Bypass on checkout to get a negative wallet (To pay without having enough money)
(It could also get a nice Challange :)
🔬 Minimal Reproduction
Directory/File, DNS and VHost busting tool written in Go
-
Updated
Oct 1, 2020 - Go
An Information Security Reference That Doesn't Suck
windows
linux
osx
reverse-engineering
hacking
forensics
penetration-testing
infosec
pentesting
references
information-security
privilege-escalation
exfiltration
infosec-reference
red-team
blueteam
hacking-simulator
privilege-escalation-exploits
mitre-attack-db
-
Updated
Sep 28, 2020
x72hoor
opened
Aug 5, 2020
This is a multi-use bash script for Linux systems to audit wireless networks.
linux
bash
enterprise
security
hacking
wireless
aircrack
handshake
pentesting
denial-of-service
wps
sslstrip
beef
evil-twin
sniffing
pixie-dust
wep
5ghz
wpa-wpa2
pmkid
-
Updated
Oct 5, 2020 - Shell
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
security
security-audit
scanner
exploits
infosec
pentesting
vulnerability-detection
vulnerability-scanners
vulnerability-assessment
-
Updated
Jan 29, 2020 - Python
Collaborative Penetration Test and Vulnerability Management Platform
security
devops
chatops
security-audit
collaboration
orchestration
nmap
penetration-testing
vulnerability
infosec
pentesting
collaborative
cve
nessus
vulnerability-management
vulnerability-scanners
burpsuite
security-automation
devsecops
continuous-scanning
-
Updated
Sep 10, 2020 - JavaScript
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Oct 3, 2020 - Ruby
Web Pentesting Fuzz 字典,一个就够了。
-
Updated
May 9, 2020 - Python
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
security
awesome
hacking
cheatsheet
penetration-testing
penetration
pentesting
security-vulnerability
information-security
refresher
hacking-tool
oscp5
howto-tutorial
security-tools
oscp
penetration-test
oscp-journey
hacking-code
oscp-tools
cheatsheet-god
-
Updated
Sep 6, 2020
The LAZY script will make your life easier, and of course faster.
shortcut
penetration-testing
shell-script
pentesting
wifiphisher
wpa-cracker
kali-linux
bypass-av
metasploit-framework
payload
pixie-dust
bypass-antivirus
wifi-password
wpa2-handshake
antivirus-evasion
payload-generator
sqlinjection
pentest-tool
wifi-testing
eternalblue-doublepulsar-metasploit
kali-scripts
-
Updated
Sep 19, 2020 - Shell
bee-san
commented
Oct 4, 2020
Problem
We want to benchmark RustScan with https://github.com/sharkdp/hyperfine and store the results in Google Sheets.
We want this program (written in whatever language you want, but preferably Python) to run on a new tag release.
You can do this using either GitHub actions or Travis CI.
What the program should do
- Download & install HyperFine (this can be done in the CI)
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
static-analysis
mobile-app
android-application
ios-app
dynamic-analysis
pentesting
reverse-engineers
network-analysis
runtime-analysis
-
Updated
Aug 30, 2020
Wiki to collect Red Team infrastructure hardening resources
-
Updated
Mar 24, 2020
Automated All-in-One OS command injection and exploitation tool.
-
Updated
Oct 5, 2020 - Python
analyserdmz
commented
May 7, 2020
Would be awesome if it would be possible to save the found streams to a M3U file, compatible with VLC. An example template of a valid M3U file is the following:
#EXTM3U
#EXTINF:-1 tvg-id="" tvg-name="" tvg-language="" tvg-logo="" tvg-country="" tvg-url="" group-title="",[IP AND CHANNELID HERE FOR NAME]
rtsp://192.168.0.5/route/to/stream/here
#EXTINF:-1 tvg-id="" tvg-name="" tvg-langua
A high performance offensive security tool for reconnaissance and vulnerability scanning
osint
scanner
hacking
enumeration
fuzzing
pentesting
offensive-security
hacking-tool
security-scanner
vulnerability-assessment
information-gathering
reconnaissance
pentest-tool
vulnerability-scanner
raccoon
-
Updated
Mar 5, 2020 - Python
minanagehsalalma
commented
Mar 16, 2019
so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)
The cheat sheet about Java Deserialization vulnerabilities
-
Updated
Oct 4, 2020
Improve this page
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."
Add 8.7 and 8.8 for android and ios: show how you can delay the attacker or report tampering to the backend as a response to a tamper detected
8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.
8.8: The detection mechanisms trigger responses of different types, includ