A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Attack Surface Management Platform

Some setup scripts for security research tools.

Scripted Local Linux Enumeration & Privilege Escalation Checks

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Linux privilege escalation auditing tool

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Linux enumeration tool for pentesting and CTFs with verbosity levels

[WIP] 整理过去我和K8s、容器、虚拟化相关的分享 🧐

A script that you can run in the background!

Rockyou for web fuzzing

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

ss/v2ray/xray/trojan/hysteria/naive/socks5 透明代理

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Proxy是高性能全功能的http代理、https代理、socks5代理、内网穿透、内网穿透p2p、内网穿透代理、内网穿透反向代理、内网穿透服务器、Websocket代理、TCP代理、UDP代理、DNS代理、DNS加密代理，代理API认证，全能跨平台代理服务器。

红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool

Linux应急处置/信息搜集/漏洞检测工具，支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A simple script just made for self use for bypassing 403

403/401 Bypass Methods + Bash Automation + Your Support ;)

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advan…

Asset inventory of over 800 public bug bounty programs.

A curated list of the most common and most interesting robots.txt disallowed directories.

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server

一款挂载多个云盘的工具

Self contained htaccess shells and attacks

一键提取安卓应用中可能存在的敏感信息。

The great THC-HYDRA tool compiled for Windows