Stars
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based in…
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Generate unicode domains for IDN Homograph Attack and detect them.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
đź”± Powerfull XSS Scanning and Parameter analysis tool&gem
A curated list of awesome privilege escalation
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
👉 🌟 delightful macOS resources for your touchbar
Code for the paper "Language Models are Unsupervised Multitask Learners"
RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.
Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans.
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
lgandx / Responder
Forked from SpiderLabs/ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
Fluxion is a remake of linset by vk496 with enhanced functionality.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…
Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrat…
Stuff about it-security that might be good to know
Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses
Find the location of multiple IP addresses
In-depth attack surface mapping and asset discovery