h8mail. Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
5.1kRedcloud. Automated Red Team Infrastructure deployement using Docker
1.3kOffensive-Dockerfiles. Offensive tools as Dockerfiles. Lightweight & Ready to go
212flaskbomb. GZip HTTP Bombing in Python for everyone
43github-starmap. Python utility to export a user's starred repositories list into a CSV file
17LeakLooker. Find open databases - Powered by Binaryedge.io
14AutoSploit. Automated Mass Exploiter
12Zeus-Scanner. Advanced reconnaissance utility
11CloudScraper. CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
11trape. People tracker on the Internet: Learn to track the world, to avoid being traced.
10GitMiner. Tool for advanced mining for content on Github
9dcrawl. Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names.
8hideNsneak. a CLI for ephemeral penetration testing
8leviathan. wide range mass audit toolkit
8AutoSQLi. An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.
8Hash-Buster. Crack hashes in seconds.
8marble-framework. marble framework usado pela CIA para mascarar fontes de malwares
7Cr3dOv3r. Know the dangers of credential reuse attacks.
7FiercePhish. FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
7credmap. The Credential Mapper
7Photon. Incredibly fast crawler designed for reconnaissance.
7EmailHarvester. Email addresses harvester
7SDK. Public SDK for Intelligence X
7AutoNSE. Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner
7hershell. Multiplatform reverse shell generator
7merlin. Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
6Striker. Striker is an offensive information and vulnerability scanner.
6rdphoney. Basic RDP honeypot script
6CMSeeK. CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs
6BruteX. Automatically brute force all services running on a target.
6GoRedLoot. A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
6SimplyEmail. Email recon made fast and easy, with a framework to build on
6CrossLinked. LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping. Names can be formatted in a defined naming convention for further security testing.
6Memcrashed-DDoS-Exploit. DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
6datasploit. An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
5gscript. framework to rapidly implement custom droppers for all three major operating systems
5fake-rdp. Emulate the handshake packets of an RDP server with python
5V3n0M-Scanner. Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
5sn1per-docker. Dockerized version of Sn1per (https://github.com/1N3/Sn1per)
5khast3x.github.io. HTML
5MailFail. Proof of Concept - Utilize misconfigured newsletter forms to spam / deny service to an inbox
5koadic. Koadic C3 COM Command & Control - JScript RAT
5netutils. A set of network utils in a small container.
5haveibeenpwned. Python script to verify multiple email addresses for pwnage
5twa. A tiny web auditor with strong opinions.
5ctfr. Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
5SupergirlOnCrypt. CryptoTrojan in Python (For educational purpose ONLY)
4BreachCompilation. BreachCompilation Tools
4Shiva. Improved DOS exploit for wordpress websites (CVE-2018-6389)
4XSStrike. Most advanced XSS detection suite.
4offensiveinterview. Interview questions to screen offensive (red team/pentest) candidates
4sqliv. massive SQL injection vulnerability scanner
4vulscan. Advanced vulnerability scanning with Nmap NSE
4Dell-Support-Assist-RCE-PoC. Python
3serve. Simple Go file server for command line development use, a la Python's SimpleHTTPServer.
3go-execute-assembly. Allow a Go process to dynamically load .NET assemblies
3dockerize-me. This tool lets you Dockerize your applications using best practices to define your Dockerfile and Docker entry point files.
3jekyll-now. Build a Jekyll blog in minutes, without touching the command line.
2go-donut. Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut
2carte-noire. A simple jekyll theme for blogging
2