SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.

A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.

Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, …

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal ser…

ScareCrow - Payload creation framework designed around EDR bypass.

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

A post exploitation framework designed to operate covertly on heavily monitored environments

File upload vulnerability scanner and exploitation tool.

Some Generic Browser Exploits (For Educational Purposes Only)

Search tool to find specific files containing specific words, i.e. files containing passwords..

An advanced multithreaded admin panel finder written in python.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automated All-in-One OS command injection and exploitation tool.

什么? 你想用免费的BurpSuitePro版本!!!

Drone pentesting framework console

Most advanced XSS scanner.

Vulnerability Scanner

Web application fuzzer