📚 Freely available programming books

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🕵️‍♂️ Offensive Google framework.

The Rogue Access Point Framework

Web path scanner

The recursive internet scanner for hackers. 🧡

A swiss army knife for pentesting networks

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

CTFs as you need them

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Scanning APK file for URIs, endpoints & secrets.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Mimikatz implementation in pure Python

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

BloodyAD is an Active Directory Privilege Escalation Framework

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

Run PowerShell command without invoking powershell.exe

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

A pentest reporting tool written in Python. Free yourself from Microsoft Word.