This is your work, valued
malicious-pdf. π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
4.1ktor-fingerprint. Tor Browser and Tails version fingerprint PoC
138lolcrawler. Headless web crawler for bugbounty and penetration-testing/redteaming
40Pentest-Tools.
12awesome-pentest. A collection of awesome penetration testing resources, tools and other shiny things
9ct-monitor. Certificate Transparency Log Monitor
8dirs3arch. HTTP(S) directory/file brute forcer
6api-hacker. Reads and Swagger/OpenAPI JSON file and routes the requests via Burp Suite
5powershell-backdoor-generator. Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build for evasion.
4ad-autopwn. AD AutoPwn v4.10.0 β automated AD attack chain, zero-auth to Domain Admin. Discover/Kerberoast/AS-REP/AD CS ESC1-16/Shadow Creds/RBCD+KCD/Ghost-SPN/TGS-rewrite/Dollar-Ticket/WPAD/WSUS/PXE/SCCM/BloodHound auto-action/Loot/DCSync/DPAPI + Synacktiv 2026 reflection (CVE-2025-58726/2026-24294/2026-26128). Authorized pentesting only.
4apt10. APT / Cloud Hopper Yara rules
3PyShell. Multiplatform Python WebShell
3SecLists. SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
3ssh-eol-checker. Nmap SSH Banner EOL Checker - Identifies Ubuntu and Debian versions from SSH banners and checks their EOL status
3homebrew-cask. π» A CLI workflow for the administration of macOS applications distributed as binaries
2jonaslejon.
2EmailChecker. Disposable email detection library for PHP
2keepass-dump. CLI to dump a KeePass database
1Kalkun. Open Source Web based SMS Management
1awesome-wordpress. A curated list of amazingly awesome WordPress resources, themes, plugins and shiny things. Inspired by awesome-php.
1pizero-usb-hid-keyboard. Fake a raspberry pi zero w to look like a keyboard to a Windows 10 PC
1pcap-mitm-fuzz0r. Fuzz servers and clients using pcaps or mitm based approaches
1subfinder. Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
1lockc. Making containers more secure with eBPF and Linux Security Modules (LSM)
1maltrail. Malicious traffic detection system
1burp_log_parser. Python script to parse Burp Suite log files
1openvpn-fingerprint. OpenVPN Fingerprinting Tool
1