awesome-sec-talks. A collected list of awesome security talks
4.2kawesome-windows-domain-hardening. A curated list of awesome Security Hardening techniques for Windows.
1.8ktwittor. A fully featured backdoor that uses Twitter as a C&C server
804API-dnsdumpster.com. (Unofficial) Python API for https://dnsdumpster.com/
282HQLmap. (Deprecated) HQLmap, Automatic tool to exploit HQL injections
231Shodan.io-mobile-app. Official repository for the Shodan.io mobile Application
203CSRFT. A lightweight CSRF Toolkit for easy Proof of concept
173DET. (extensible) Data Exfiltration Toolkit (DET)
163crt.sh. (Unofficial) Python API for https://crt.sh
152Shodan-Firefox-Addon. Shodan Firefox Add-on
151osint-facebook-reset-password. Python util to retrieve full display name and profile picture from a single email address
107skype-osint. Python OSINT Tool to retrieve information from Skype
76SPIPScan. SPIP (CMS) Scanner for penetration testing purpose written in Python
73API-EZTV.it. (Unofficial) Python API for the torrent website EZTV.it
72metasearch-public. Stop searching for sample hashes on 10 different sites.
66API-malwr.com. (Unofficial) Python API for https://malwr.com/
62cybercrime-tracker.net. (Unofficial) Python API for cybercrime-tracker.net
38go-http-monitor. A (dead-simple) Golang utility allowing you to monitor HTTP endpoints
38API-InstagramLocation. Python OSINT Tool to retrieve pictures from a specific location using Instagram API
37pepito. Finds sensitive stuff in your git repository by specifying terms to look for
31Shodan-mattermost. Mattermost - Shodan Slash command
31VNWA. Vulnerable Node.js Web Application to pratice with your pentesting skills
21API-namechk.com. (Unofficial) Python API for http://namechk.com
20HTTP-traceroute. HTTP-traceroute in Go
19exploitdb-json-api. JSON API for ExploitDB Website
17ransomware-tracker. (Unofficial) Python API for http://ransomwaretracker.abuse.ch/tracker/
16SearchShodan. This is a basic example of how to search into Shodan using the ShodanAPI.
15API-netcraft.com. (Unofficial) Python API for http://netcraft.com
15API-checkusernames.com. (Unofficial) Python API for http://checkusernames.com
13passphrase-wordlist. Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
13XSS-Callback. A lightweight HTTP Server that exploits XSS victim's session automatically
11SSLBlackList. (Unofficial) Python API for https://sslbl.abuse.ch/
11SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
11WhatHashIsIt. # Deprecated # "What hash is it?" service allows you to identify the hashing functions used of your hash(es) based on their characteristics.
10Social-Markdown. "Dillinger.io clone" allowing live concurrent editing.
10TVShowsManager. Basic manager to download your TV Shows automatically with EZTV.it website.
9recon-scan. Recon tool using Yatedo and Pipl
9paulsec.github.io. Repository containing my portfolio
8AIL-framework. AIL framework - Analysis Information Leak framework
7API-HaveIBeenPwned. (Unofficial) Python API for HaveIBeenPwned Website
7Python-plugins. Quick Python project with a simple Plugin architecture
7what-is-this-browser. Python script that tells you what's the potential configuration behind a User-Agent
6ESPloitV2. WiFi Keystroke Injection Tool designed for an Atmega 32u4/ESP8266 Paired via Serial (Cactus WHID Firmware). Also features Serial, HTTP, and PASV FTP exfiltration methods and an integrated Credential Harvester Phishing tool called ESPortal.
6drupal-enum-users. (Python) Quick script to enumerate users on a Drupal instance
6censysio. Censysio Python wrapper
6markovobfuscate. Python library and tools to obfuscate data based on Markov models built off the same data
6burito. # Deprecated # Burito, Hydra-like tool to audit Web application using forms containing server-side generated params.
6theHarvester. E-mail, subdomain and people names harvester
5urh. Universal Radio Hacker: investigate wireless protocols like a boss
4shellpot-nodejs. Honeypot written in Node.js for the Shellshock vulnerability
4node-ip-info. Retrieves information about a specific IP
4API-ShouldIChangeMyPassword. (Unofficial) Python API for ShouldIChangeMyPassword Website
4gophish. Open-Source Phishing Toolkit
3webhooks. :fishing_pole_and_fish: Webhook receiver for GitHub, Bitbucket, GitLab, Gogs
3Empire. Empire is a PowerShell and Python post-exploitation agent.
2