ktx

Elite
@khast3x

h8mail. Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

5.1k

Redcloud. Automated Red Team Infrastructure deployement using Docker

1.3k

Offensive-Dockerfiles. Offensive tools as Dockerfiles. Lightweight & Ready to go

212

flaskbomb. GZip HTTP Bombing in Python for everyone

43

github-starmap. Python utility to export a user's starred repositories list into a CSV file

17

LeakLooker. Find open databases - Powered by Binaryedge.io

14

AutoSploit. Automated Mass Exploiter

12

Zeus-Scanner. Advanced reconnaissance utility

11

CloudScraper. CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

11

trape. People tracker on the Internet: Learn to track the world, to avoid being traced.

10

GitMiner. Tool for advanced mining for content on Github

9

dcrawl. Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names.

8

hideNsneak. a CLI for ephemeral penetration testing

8

leviathan. wide range mass audit toolkit

8

AutoSQLi. An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

8

Hash-Buster. Crack hashes in seconds.

8

marble-framework. marble framework usado pela CIA para mascarar fontes de malwares

7

Cr3dOv3r. Know the dangers of credential reuse attacks.

7

FiercePhish. FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

7

credmap. The Credential Mapper

7

Photon. Incredibly fast crawler designed for reconnaissance.

7

EmailHarvester. Email addresses harvester

7

SDK. Public SDK for Intelligence X

7

AutoNSE. Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner

7

hershell. Multiplatform reverse shell generator

7

merlin. Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

6

Striker. Striker is an offensive information and vulnerability scanner.

6

rdphoney. Basic RDP honeypot script

6

CMSeeK. CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs

6

BruteX. Automatically brute force all services running on a target.

6

GoRedLoot. A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.

6

SimplyEmail. Email recon made fast and easy, with a framework to build on

6

CrossLinked. LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping. Names can be formatted in a defined naming convention for further security testing.

6

Memcrashed-DDoS-Exploit. DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

6

datasploit. An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.

5

gscript. framework to rapidly implement custom droppers for all three major operating systems

5

fake-rdp. Emulate the handshake packets of an RDP server with python

5

V3n0M-Scanner. Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

5

sn1per-docker. Dockerized version of Sn1per (https://github.com/1N3/Sn1per)

5

khast3x.github.io. HTML

5

MailFail. Proof of Concept - Utilize misconfigured newsletter forms to spam / deny service to an inbox

5

koadic. Koadic C3 COM Command & Control - JScript RAT

5

netutils. A set of network utils in a small container.

5

haveibeenpwned. Python script to verify multiple email addresses for pwnage

5

twa. A tiny web auditor with strong opinions.

5

ctfr. Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

5

SupergirlOnCrypt. CryptoTrojan in Python (For educational purpose ONLY)

4

BreachCompilation. BreachCompilation Tools

4

Shiva. Improved DOS exploit for wordpress websites (CVE-2018-6389)

4

XSStrike. Most advanced XSS detection suite.

4

offensiveinterview. Interview questions to screen offensive (red team/pentest) candidates

4

sqliv. massive SQL injection vulnerability scanner

4

vulscan. Advanced vulnerability scanning with Nmap NSE

4

Dell-Support-Assist-RCE-PoC. Python

3

serve. Simple Go file server for command line development use, a la Python's SimpleHTTPServer.

3

go-execute-assembly. Allow a Go process to dynamically load .NET assemblies

3

dockerize-me. This tool lets you Dockerize your applications using best practices to define your Dockerfile and Docker entry point files.

3

jekyll-now. Build a Jekyll blog in minutes, without touching the command line.

2

go-donut. Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut

2

carte-noire. A simple jekyll theme for blogging

2
60
Apply