This is your work, valued
penelope. Penelope Shell Handler
★ 1.9kfreedom. Terminal input autofiller
★ 3OSCP-Cheatsheet. OSCP Cheatsheet by Sai Sathvik
★ 3awesome-security. A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
★ 15kgarak. the LLM vulnerability scanner
★ 8.4kPentestingEverything. Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...
★ 1.8kdeploy-your-own-saas. List of "only yours" cloud services for everyday needs :black_flag:
★ 9.6kOSWE. OSWE Preparation
★ 680Cybersecurity-Projects. Building 70 Projects ranging from beginner to advanced so anyone can — learn from, build upon, use as a reference, or even copy directly. Gamified Cybersecurity learning 👇
★ 3.9kOffByWon. Network Fuzzing Framework
★ 65Snaffler. a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
★ 2.9kOSCE3-Complete-Guide. OSWE, OSEP, OSED, OSEE
★ 3.9ksystem_prompts_leaks. Extracted system prompts from Anthropic - Claude Fable 5, Opus 4.8, Claude Code, Claude Design. OpenAI - ChatGPT GPT-5.6, Codex GPT-5.6, GPT-5.5. Google - Gemini 3.5 Flash, 3.1 Pro, Antigravity. xAI - Grok, Cursor, Copilot, VS Code, Perplexity, and more. Updated regularly.
★ 56k2FA-Bypass-Techniques. A comprehensive collection of various techniques and methods for bypassing Two-Factor Authentication (2FA) security mechanisms.
★ 113pentest-guide. Penetration tests guide based on OWASP including test cases, resources and examples.
★ 2.8kWeb-App-Pentest-Checklist. A OWASP Based Checklist With 500+ Test Cases
★ 907CredSpray. Multi-protocol credential validation tool with spray and no-spray modes for penetration testing.
★ 32PANIX. Customizable Linux Persistence Tool for Security Research and Detection Engineering.
★ 873PwnPad. PwnPad is an affordable, hands-on hardware hacking platform built for practical learning. It features a range of challenges that walk users through key hardware security concepts, from PCB design to side-channel attacks.
★ 862ShadowPhish. ShadowPhish is an advanced APT awareness toolkit designed to simulate real-world phishing, malware delivery, deepfakes, smishing/vishing, and command & control attacks through an intuitive graphical interface. Perfect for cybersecurity training, red team education, and security awareness programs.
★ 239MANSPIDER. Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
★ 1.4kDefaultCreds-cheat-sheet. One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
★ 6.7kActive-Directory-Exploitation-Cheat-Sheet. A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
★ 6.7kRed-Teaming-TTPs. Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
★ 1.9kcommix. Automated All-in-One OS Command Injection Exploitation Tool
★ 5.8kPentest-Resources-Cheat-Sheets. This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.
★ 90OffensiveRust. Rust Weaponization for Red Team Engagements.
★ 3kmalicious-pdf. 💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
★ 4.1kPowerRunAsSystem. PowerRunAsSystem is a PowerShell script, also available as an installable module through the PowerShell Gallery, designed to impersonate the NT AUTHORITY/SYSTEM user and execute commands or launch interactive processes without relying on third-party tools. It achieves this using only native Windows build-in features.
★ 270trufflehog. Find, verify, and analyze leaked credentials
★ 27keviltree. A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.
★ 407blog.quentinra.dev. This repository is a collection of notes, links, tutorials, and experiences aimed at helping others. If you find it useful, please consider giving it a star ⭐ to keep me motivated.
★ 20XLL_Phishing. XLL Phishing Tradecraft
★ 441PEASS-ng. PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
★ 20kLaZagne. Credentials recovery project
★ 11kwhat-happens-when. An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"
★ 43kPentestTools. Awesome Pentest Tools Collection
★ 1.7kcomputer-science. 🎓 Path to a free self-taught education in Computer Science!
★ 206kultimate-nmap-parser. parse nmap files
★ 161Advanced-SQL-Injection-Cheatsheet. A cheat sheet that contains advanced queries for SQL Injection of all types.
★ 3.2kInfosec_Reference. An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
★ 6kDDexec. Shell
★ 51traitor. :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
★ 7.1kstatic-binaries. Various *nix tools built as statically-linked binaries
★ 3.7koled-linux. OLED display support on Linux
★ 97gif-progress. 🎬 Attach progress bar to animated GIF
★ 203modern-unix. A collection of modern/faster/saner alternatives to common unix commands.
★ 33ksh2bin. Go
★ 24HeidiSQL. A lightweight client for managing MariaDB, MySQL, SQL Server, PostgreSQL, SQLite, Interbase and Firebird, written in Delphi and Lazarus/FreePascal
★ 6.2kCrackMapExec. A swiss army knife for pentesting networks
★ 9.2khoneydoc. "Honey" document generator for beacon document tracking.
★ 59nuclei. Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
★ 30kautorev.sh. Autorev.sh generates reverse shell codes for reverse shell . Supports linux and windows
★ 17AggressorScripts. Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
★ 1.5kpe-sieve. Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
★ 3.8kbmc_bladelogic. BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063
★ 20redacterm. Edit terminal output ready for screenshots - highlight key areas and redact sensitive info.
★ 6RAU_crypto. Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
★ 181dell-emc_recoverpoint. Exploits for Dell EMC RecoverPoint enterprise data protection platform
★ 13dp_crypto. Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
★ 178