forked from n00py/ReadingList
gunsafe.txt
General:
Cheatsheets - Penetration Testing/Security Cheatsheets - https://github.com/jshaw87/Cheatsheets
awesome-pentest - penetration testing resources - https://github.com/Hack-with-Github/Awesome-Hacking
Red-Team-Infrastructure-Wiki - Red Team infrastructure hardening resources - https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
Infosec_Reference - Information Security Reference - https://github.com/rmusser01/Infosec_Reference
Web Services:
JettyBleed - Jetty HttpParser Error Remote Memory Disclosure - https://github.com/AppSecConsulting/Pentest-Tools
clusterd - Jboss/Coldfusion/WebLogic/Railo/Tomcat/Axis2/Glassfish - https://github.com/hatRiot/clusterd
xsser - From XSS to RCE wordpress/joomla - https://github.com/Varbaek/xsser
Java-Deserialization-Exploit - weaponizes ysoserial code to gain a remote shell - https://github.com/njfox/Java-Deserialization-Exploit
CMSmap - CMS scanner - https://github.com/Dionach/CMSmap
wordpress-exploit-framework - penetration testing of WordPress - https://github.com/rastating/wordpress-exploit-framework
joomlol - Joomla User-Agent/X-Forwarded-For RCE - https://github.com/compoterhacker/joomlol
joomlavs - Joomla vulnerability scanner - https://github.com/rastating/joomlavs
mongoaudit - MongoDB auditing and pentesting tool - https://github.com/stampery/mongoaudit
davscan - Fingerprints servers, finds exploits, scans WebDAV - https://github.com/Graph-X/davscan
Web Applications:
HandyHeaderHacker - Examine HTTP response headers for common security issues - https://github.com/vpnguy/HandyHeaderHacker
OpenDoor - OWASP Directory Access scanner - https://github.com/stanislav-web/OpenDoor
ASH-Keylogger - simple keylogger application for XSS attack - https://github.com/AnonymousSecurityHackers/ASH-Keylogger
tbhm - The Bug Hunters Methodology - https://github.com/jhaddix/tbhm
commix - command injection - https://github.com/commixproject/commix
NoSQLMap - Mongo database and NoSQL - https://github.com/tcstool/NoSQLMap
xsshunter - Second order XSS - https://github.com/mandatoryprogrammer/xsshunter
Burp Extensions:
backslash-powered-scanner - unknown classes of injection vulnerabilities - https://github.com/PortSwigger/backslash-powered-scanner
BurpSmartBuster - content discovery plugin - https://github.com/pathetiq/BurpSmartBuster
ActiveScanPlusPlus - extends Burp Suite's active and passive scanning capabilities - https://github.com/albinowax/ActiveScanPlusPlus
Local privilege escalation:
yodo - become root via limited sudo permissions - https://github.com/b3rito/yodo
Pa-th-zuzu - Checks for PATH substitution vulnerabilities - https://github.com/ShotokanZH/Pa-th-zuzu
sudo-snooper - acts like the original sudo binary to fool users - https://github.com/xorond/sudo-snooper
RottenPotato - local privilege escalation from service account - https://github.com/foxglovesec/RottenPotato
UACMe - Windows AutoElevate backdoor - https://github.com/hfiref0x/UACME
Invoke-LoginPrompt - Invokes a Windows Security Login Prompt - https://github.com/enigma0x3/Invoke-LoginPrompt
Exploits-Pack - Exploits for getting local root on Linux - https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack
windows-privesc-check - Standalone Executable - https://github.com/pentestmonkey/windows-privesc-check
unix-privesc-check - simple privilege escalation vectors - https://github.com/pentestmonkey/unix-privesc-check
LinEnum - local Linux Enumeration & Privilege Escalation Checks - https://github.com/rebootuser/LinEnum
cowcron - Cronbased Dirty Cow Exploit - https://github.com/securifera/cowcron
WindowsExploits - Precompiled Windows exploits - https://github.com/abatchy17/WindowsExploits
Privilege-Escalation - common local exploits and enumeration scripts - https://github.com/AusJock/Privilege-Escalation
Unix-Privilege-Escalation-Exploits-Pack - https://github.com/LukaSikic/Unix-Privilege-Escalation-Exploits-Pack
Sherlock - PowerShell script to quickly find missing software patches - https://github.com/rasta-mouse/Sherlock
GTFOBins - list of Unix binaries that can be exploited to bypass system security restrictions - https://github.com/GTFOBins/GTFOBins.github.io
Phishing:
eyephish - find similar looking domain names - https://github.com/phar/eyephish
luckystrike - A PowerShell based utility for the creation of malicious Office macro documents - https://github.com/Shellntel/luckystrike
phishery - Basic Auth Credential Harvester with a Word Document Template URL Injector - https://github.com/ryhanson/phishery
WordSteal - steal NTLM hashes - https://github.com/0x090x0/WordSteal
ReelPhish - Real-Time Two-Factor Phishing Tool - https://github.com/fireeye/ReelPhish
Open Source Intelligence:
truffleHog - Searches through git repositories for high entropy strings - https://github.com/dxa4481/truffleHog
Altdns - Subdomain discovery - https://github.com/infosec-au/altdns
github-dorks - reveal sensitive personal and/or organizational information - https://github.com/techgaun/github-dorks
gitrob - find sensitive information - https://github.com/michenriksen/gitrob
Bluto - DNS Recon, Email Enumeration - https://github.com/darryllane/Bluto
SimplyEmail - Email recon - https://github.com/killswitch-GUI/SimplyEmail
Sublist3r - Fast subdomains enumeration tool for penetration testers - https://github.com/aboul3la/Sublist3r
snitch - information gathering via dorks - https://github.com/Smaash/snitch
RTA - scan all company's online facing assets - https://github.com/flipkart-incubator/RTA
InSpy - LinkedIn enumeration tool - https://github.com/gojhonny/InSpy
LinkedInt - LinkedIn scraper for reconnaissance - https://github.com/mdsecactivebreach/LinkedInt
Post-exploitation:
MailSniper - searching through email in a Microsoft Exchange - https://github.com/dafthack/MailSniper
Windows-Exploit-Suggester - patch levels against vulnerability database - https://github.com/GDSSecurity/Windows-Exploit-Suggester
dnscat2-powershell - A Powershell client for dnscat2, an encrypted DNS command and control tool - https://github.com/lukebaggett/dnscat2-powershell
lazykatz - extract credentials from remote targets protected with AV - https://github.com/bhdresh/lazykatz
nps - Not PowerShell - https://github.com/Ben0xA/nps
Invoke-Vnc - Powershell VNC injector - https://github.com/artkond/Invoke-Vnc
spraywmi - mass spraying Unicorn PowerShell injection - https://github.com/trustedsec/spraywmi
redsnarf - for retrieving hashes and credentials from Windows workstations - https://github.com/nccgroup/redsnarf
HostRecon - situational awareness - https://github.com/dafthack/HostRecon
mimipenguin - login password from the current linux user - https://github.com/huntergregal/mimipenguin
rpivot - socks4 reverse proxy for penetration testing - https://github.com/artkond/rpivot
Looting:
cookie_stealer - steal cookies from firefox cookies database - https://github.com/rash2kool/cookie_stealer
Wifi-Dumper - dump the wifi profiles and cleartext passwords of the connected access points - https://github.com/Viralmaniar/Wifi-Dumper
WebLogicPasswordDecryptor - decrypt WebLogic passwords - https://github.com/NetSPI/WebLogicPasswordDecryptor
jenkins-decrypt - Credentials dumper for Jenkins - https://github.com/tweksteen/jenkins-decrypt
mimikittenz - ReadProcessMemory() in order to extract plain-text passwords - https://github.com/putterpanda/mimikittenz
LaZagne - Credentials recovery project - https://github.com/AlessandroZ/LaZagne
SessionGopher - extract WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop - https://github.com/fireeye/SessionGopher
BrowserGather - Fileless web browser information extraction - https://github.com/sekirkity/BrowserGather
windows_sshagent_extract - extract private keys from Windows 10's built in ssh-agent service - https://github.com/ropnop/windows_sshagent_extract
Network Hunting:
Sticky-Keys-Slayer - Scans for accessibility tools backdoors via RDP - https://github.com/linuz/Sticky-Keys-Slayer
DomainPasswordSpray - password spray attack against users of a domain - https://github.com/dafthack/DomainPasswordSpray
BloodHound - reveal relationships within an Active Directory - https://github.com/adaptivethreat/BloodHound
APT2 - An Automated Penetration Testing Toolkit - https://github.com/MooseDojo/apt2
CredNinja - identify if credentials are valid - https://github.com/Raikia/CredNinja
EyeWitness - take screenshots of websites - https://github.com/ChrisTruncer/EyeWitness
gowitness - a golang, web screenshot utility - https://github.com/sensepost/gowitness
PowerUpSQL - PowerShell Toolkit for Attacking SQL Server - https://github.com/NetSPI/PowerUpSQL
sparta - scanning and enumeration - https://github.com/SECFORCE/sparta
Sn1per - Automated Pentest Recon Scanner - https://github.com/1N3/Sn1per
PCredz - This tool extracts creds from a pcap file or from a live interface - https://github.com/lgandx/PCredz
ridrelay - Enumerate usernames on a domain where you have no creds - https://github.com/skorov/ridrelay
Wireless:
air-hammer - WPA Enterprise horizontal brute-force - https://github.com/Wh1t3Rh1n0/air-hammer
mana - toolkit for wifi rogue AP attacks - https://github.com/sensepost/mana
crEAP - Harvesting Users on Enterprise Wireless Networks - https://github.com/Shellntel/scripts
wifiphisher - phishing attacks against Wi-Fi clients - https://github.com/sophron/wifiphisher
Man in the Middle:
mitmproxy - An interactive TLS-capable intercepting HTTP proxy - https://github.com/mitmproxy/mitmproxy
bettercap - bettercap - https://github.com/evilsocket/bettercap
MITMf - Framework for Man-In-The-Middle attacks - https://github.com/byt3bl33d3r/MITMf
Gifts/Responder - Responder for old python - https://github.com/Gifts/Responder
mitm6 - pwning IPv4 via IPv6 - https://github.com/fox-it/mitm6
shelljack - man-in-the-middle pseudoterminal injection - https://github.com/emptymonkey/shelljack
Physical:
Brutal - Payload for teensy - https://github.com/Screetsec/Brutal
poisontap - Exploits locked/password protected computers over USB - https://github.com/samyk/poisontap
OverThruster - HID attack payload generator for Arduinos - https://github.com/RedLectroid/OverThruster
Paensy - An attacker-oriented library for the Teensy 3.1 microcontroller - https://github.com/Ozuru/Paensy
Kautilya - Payloads for a Human Interface Device - https://github.com/samratashok/Kautilya
Payloads:
JavaReverseTCPShell - Spawns a reverse TCP shell in Java - https://github.com/quantumvm/JavaReverseTCPShell
splunk_shells - Splunk with reverse and bind shells - https://github.com/TBGSecurity/splunk_shells
pyshell - shellify Your HTTP Command Injection - https://github.com/praetorian-inc/pyshell
RobotsDisallowed - harvest of the Disallowed directories - https://github.com/danielmiessler/RobotsDisallowed
SecLists - collection of multiple types of lists - https://github.com/danielmiessler/SecLists
Probable-Wordlists - Wordlists sorted by probability - https://github.com/berzerk0/Probable-Wordlists
ARCANUS - payload generator/handler - https://github.com/EgeBalci/ARCANUS
Winpayloads - Undetectable Windows Payload Generation - https://github.com/nccgroup/Winpayloads
weevely3 - Weaponized web shell - https://github.com/epinna/weevely3
fuzzdb - Dictionary of attack patterns - https://github.com/fuzzdb-project/fuzzdb
payloads - web attack payloads - https://github.com/foospidy/payloads
HERCULES - payload generator that can bypass antivirus - https://github.com/EgeBalci/HERCULES
Insanity-Framework - Generate Payloads - https://github.com/4w4k3/Insanity-Framework
Brosec - An interactive reference tool for payloads - https://github.com/gabemarshall/Brosec
MacroShop - delivering payloads via Office Macros - https://github.com/khr0x40sh/MacroShop
Demiguise - HTA encryption tool - https://github.com/nccgroup/demiguise
ClickOnceGenerator - Quick Malicious ClickOnceGenerator - https://github.com/Mr-Un1k0d3r/ClickOnceGenerator
PayloadsAllTheThings - A list of useful payloads - https://github.com/swisskyrepo/PayloadsAllTheThings
Apple:
MMeTokenDecrypt - Decrypts and extracts iCloud and MMe authorization tokens - https://github.com/manwhoami/MMeTokenDecrypt
OSXChromeDecrypt - Decrypt Google Chrome and Chromium Passwords on Mac OS X - https://github.com/manwhoami/OSXChromeDecrypt
EggShell - iOS and OS X Surveillance Tool - https://github.com/neoneggplant/EggShell
bonjour-browser - command line tool to browse for Bonjour - https://github.com/watson/bonjour-browser
logKext - open source keylogger for Mac OS X - https://github.com/SlEePlEs5/logKext
OSXAuditor - OS X computer forensics tool - https://github.com/jipegit/OSXAuditor
davegrohl - Password Cracker for OS X - https://github.com/octomagon/davegrohl
chainbreaker - Mac OS X Keychain Forensic Tool - https://github.com/n0fate/chainbreaker
FiveOnceInYourLife - Local osx dialog box phishing - https://github.com/fuzzynop/FiveOnceInYourLife
ARD-Inspector - decrypt the Apple Remote Desktop database - https://github.com/ygini/ARD-Inspector
keychaindump - reading OS X keychain passwords - https://github.com/juuso/keychaindump
Bella - python, post-exploitation, data mining tool - https://github.com/manwhoami/Bella
EvilOSX - pure python, post-exploitation, RAT - https://github.com/Marten4n6/EvilOSX
Captive Portals:
cpscam - Bypass captive portals by impersonating inactive users - https://github.com/codewatchorg/cpscam
Passwords:
pipal - password analyser - https://github.com/digininja/pipal
wordsmith - assist with creating tailored wordlists - https://github.com/skahwah/wordsmith
Obfuscation:
ObfuscatedEmpire - fork of Empire with Invoke-Obfuscation integrated directly in - https://github.com/cobbr/ObfuscatedEmpire
obfuscate_launcher - Simple script for obfuscating payload launchers - https://github.com/jamcut/obfuscate_launcher
Invoke-CradleCrafter - Download Cradle Generator & Obfuscator - https://github.com/danielbohannon/Invoke-CradleCrafter
Invoke-Obfuscation - PowerShell Obfuscator - https://github.com/danielbohannon/Invoke-Obfuscation
nps_payload - payloads for basic intrusion detection avoidance - https://github.com/trustedsec/nps_payload