Security Tool to Look For Interesting Files in S3 Buckets

A toolkit for testing, tweaking and cracking JSON Web Tokens

Pentesting checklists for various engagements

This repository contains payload to test NoSQL Injections

✔️ your offsec knowledge

Metasploit modules that didn't make it into trunk for some reason or the other

bumblebee-status is a modular, theme-able status line generator for the i3 window manager.

Search the ExploitDB with a little more control

Scripts to automate patch management and maintenance within WSUS 3.2.

A decryptor for Wanacry (you need the private key!)

Script to track updates on web resources (mainly JS files or whole HTML pages).

Precompiled Windows exploits

Patch PE, ELF, Mach-O binaries with shellcode

A tool to create a JScript file which loads a .NET v2 assembly from memory.

A fork of theharvester to include verbose mode to print the source pages/results where entries where found.

Agnoster Theme for Bash

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

Office 365 REST client for Python

Verify the configuration of your OS X machine.

Damn Small Vulnerable Web

Scan vuls kernel CVE-2016-5195 - DirtyCow

Fuzzing for LFI using Burpsuite

List of advanced XSS payloads

Curated list of public penetration test reports released by several consulting firms and academic security groups

A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.

This contains common local exploits and enumeration scripts

WebDigger is a python based tool, specially created to identify a company's unknown domains.

Lab set-up for learning SQL Injection Techniques