Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Cameradar hacks its way into RTSP videosurveillance cameras

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Hunt for security weaknesses in Kubernetes clusters

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Microsoft » Windows 10 : Security Vulnerabilities

An open-source post-exploitation framework for students, researchers and developers.

Powerful framework for rogue access point attack.

This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.

VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, …

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, ex…

A PowerShell script anti-virus evasion tool

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

Privilege Escalation Enumeration Script for Windows

Crack any Microsoft Windows users password without any privilege (Guest account included)

Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

An epic web shell

Automating juicy potato local privilege escalation exploit for penetration testers

Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into…

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]

A toolkit to attack Office365

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication