Stars
USB Army Knife – the ultimate close access tool for penetration testers and red teamers.
Frida scripts to directly MitM all HTTPS traffic from a target mobile application
Extract JavaScript source trees from Sourcemap files
Checks if an Android application has successfully completed the "App Link Verification" process for Android App Links.
A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode
mechanico / Keychain-Dumper
Forked from ptoomey3/Keychain-DumperA tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Find, verify, and analyze leaked credentials
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Tool for Active Directory Certificate Services enumeration and abuse
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to by…
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
For all your network pentesting needs
A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
iOS/macOS/Linux Remote Administration Tool
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.