Starred repositories
554
stars
written in Python
Clear filter
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
An open source platform for Python in the browser. https://pyscript.net Docs: https://docs.pyscript.net/ Try it: https://pyscript.com/ Community: https://discord.gg/HxvBtukrg2
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Impacket is a collection of Python classes for working with network protocols.
Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or exte…
Android in docker solution with noVNC supported and video recording
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Automated Penetration Testing Agentic Framework Powered by Large Language Models
an awesome list of honeypot resources
A swiss army knife for pentesting networks
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
Infection Monkey - An open-source adversary emulation platform
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
lgandx / Responder
Forked from SpiderLabs/ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
The FLARE team's open-source tool to identify capabilities in executable files.
Automated All-in-One OS Command Injection Exploitation Tool
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…