"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

This repository includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering…

Damn Vulnerable NodeJS Application

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. In addition, you can view previously running…

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

💻 Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use ma…

PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.

Phishing Campaign Toolkit

Galileo - Web Application Audit Framework

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Robber is open source tool for finding executables prone to DLL hijacking

FireShodanMap is a Realtime map that integrates Firebase, Google Maps and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All …

Loki - Simple IOC and Incident Response Scanner

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

WAScan - Web Application Scanner

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Automatically Launch Google Hacking Queries Against A Target Domain

Splunk Dashboard for CobaltStrike logs

A tool to link a domain with registered organisation names and emails, to other domains.

HTML_CodeSniffer is a client-side JavaScript application that checks a HTML document or source code, and detects violations of a defined coding standard. Comes with standards that cover the three c…

Awesome Hacking Tools

Automated Pentest Recon Scanner

An automated adversary emulation system

automated penetration toolkit

Destroy Windows Spying tool

A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

Red Team Tips as posted by @vysecurity on Twitter

PowerForensics provides an all in one platform for live disk forensic analysis