msfpc. MSFvenom Payload Creator (MSFPC)
1.3kos-scripts. Personal Collection of Operating Systems Scripts
577debian-ssh. Debian OpenSSL Predictable PRNG (CVE-2008-0166)
410exe2hex. Inline file transfer using in-built Windows tools (DEBUG.exe or PowerShell).
319SecLists. SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
101VulnInjector. Generates a Windows 'vulnerable' machine from ISOs
91boot2root-scripts. Homemade scripts to-do various vulnerable challenges
81crowbar. Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
22FinalRecon. The Last Web Recon Tool You'll Need
17gobuster. Directory/file & DNS busting tool written in Go
15king-phisher. Phishing Campaign Toolkit
13kippo-g0tmi1k. Personal fork of Kippo SSH honeypot.
13LFISuite. Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
12egressbuster. Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.
12veil-Evasion. Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions
12metasploit-framework. Metasploit Framework
11php-backdoor. A standalone PHP backdoor for use on *nix and Windows systems.
9wafw00f. WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
8HomeNetworkSetup. Repo to define my use of docker containers on my home network with Reverse Proxy Configuration
8reaver-wps-fork-t6x. C
8wpscan-v3. WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.
7commix. Automated All-in-One OS Command Injection and Exploitation Tool
7wifite. Python
7exploitdb-papers. exploit-database-papers
7dirtycow. C
6nethunter-LRT. The Nethunter Linux Root Toolkit is a collection of bash scripts which install Nethunter onto a supported device.
6patator. Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
6GTFOBins.github.io. Curated list of Unix binaries that can be exploited to bypass system security restrictions
6smbmap. SMBMap is a handy SMB enumeration tool
5wpscan. WPScan is a black box WordPress vulnerability scanner
5vmware_escape. VMware Escape Exploit before VMware WorkStation 12.5.5
4Drupalgeddon2. Exploit for Drupalgeddon 2 - CVE-2018-7600
4rex-powershell. Rex library for dealing with Powershell Scripts
4exploitdb-bin-sploits. Exploit Database binary exploits located in the /sploits directory
4sslscan. sslscan tests SSL/TLS enabled services to discover supported cipher suites
4backtrack-update. Update script for Backtrack 5 R2/R3
4kippo-patches. Patches for Kippo (https://code.google.com/p/kippo/) v0.8
4kippo. Kippo - SSH Honeypot
4mkdocs. Project documentation with Markdown.
4Veil. Veil 3.0
4guac-install. Script for installing Guacamole on Ubuntu
3lxc-ci. LXC continuous integration and build scripts
3CeWL. CeWL is a Custom Word List Generator
3octopress. Octopress is an obsessively designed framework for Jekyll blogging. It’s easy to configure and easy to deploy. Sweet huh?
2mirrorbits. Mirrorbits is a geographical download redirector written in Go for distributing files efficiently across a set of mirrors.
1dashboard-icons. 🚀 The best place to find icons for your dashboards.
1contrib. Contributed stuff for munin (plugins, tools, etc...)
1subsonic-fluid. Subsonic desktop client for OSX
1community.rabbitmq. Manage RabbitMQ with Ansible
1