Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

A curated list of various bug bounty tools

File upload vulnerability scanner and exploitation tool.

An OOB interaction gathering server and client library

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

Community curated list of templates for the nuclei engine to find security vulnerabilities.

PatrowlHears - Vulnerability Intelligence Center / Exploits

Programmatically create an administrative user under Windows

Arsenal is just a quick inventory and launcher for hacking programs

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Multi Vagrant environment with Active Directory

PingCastle - Get Active Directory Security at 80% in 20% of the time

Labs setup for tests & experimentations

Android_Emuroot is a Python script that allows granting root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore…

The ZAP by Checkmarx Core project

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Privilege Escalation Enumeration Script for Windows

Basics on commands/tools/info on how to assess the security of mobile applications

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Python script that converts Burp Suite HTTP proxy history files to CSV or HTML

Windows Exploit Suggester - Next Generation

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Hackish way to intercept and modify non-HTTP protocols through Burp & others.

The goal of this repository is to document the most common techniques to bypass AppLocker.