This is your work, valued
Making and breaking stuff for decades now :)
DerbyCon2016. Samples & presentation slides from my fuzzing talk at DerbyCon 2016
★ 5SDC2015. samples from SkyDogCon 2015
★ 4fuzzing-stuff. a collection of notes, fuzz strings, and fuzzer templates
★ 1canarytokens. Canarytokens helps track activity and actions on your network
★ 2.1kbettercap. The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
★ 20kkali-linux-cheatsheet. Kali Linux Cheat Sheet for Penetration Testers
★ 2.9kawesome-exploit-development. A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
★ 2.1kLOLBAS. Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
★ 1.6kSecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
★ 72kvulscan. Advanced vulnerability scanning with Nmap NSE
★ 3.8knmap-vulners. NSE script based on Vulners.com API
★ 3.4kCodeExecutionOnWindows. A list of ways to execute code on Windows using legitimate Windows tools
★ 309PSKracker. An all-in-one WPA/WPS toolkit
★ 440krackattacks-scripts. C
★ 3.5kairgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
★ 7.8kUseful_Websites_For_Pentester. This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.
★ 396Awesome-Fuzzing. A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
★ 5.9kparameth. This tool can be used to brute discover GET and POST parameters
★ 1.4kbackslash-powered-scanner. Finds unknown classes of injection vulnerabilities
★ 713Mobile-Security-Framework-MobSF. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
★ 21kmywebappscripts. A collection of all the lists, scripts and techniques I use while doing web application penetration tests.
★ 30pentest-bookmarks. a collection of handy bookmarks
★ 1.1ktbhm. The Bug Hunters Methodology
★ 4.4ktools-tbhm. Tools of "The Bug Hunters Methodology V2 by @jhaddix"
★ 204commix. Automated All-in-One OS Command Injection Exploitation Tool
★ 5.8klanturtle-modules. The Official LAN Turtle Module Repository
★ 352fuzzdb. Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
★ 9kIMSI-catcher. This program show you IMSI numbers of cellphones around you.
★ 4.4kbig-list-of-naughty-strings. The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
★ 48kMisc-PowerShell-Stuff. random powershell goodness
★ 463Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
★ 1.7ksqlmap. Automatic SQL injection and database takeover tool
★ 38kmana. *DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM
★ 1.1kbeef. The Browser Exploitation Framework Project
★ 11kroutersploit. Exploitation Framework for Embedded Devices
★ 13kmetasploit-framework. Metasploit Framework
★ 39kDependencyCheck. OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
★ 7.6k