Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

Configuration Management for Python ⚙

A python script that finds endpoints in JavaScript files

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Fast and powerful SSL/TLS scanning library.

Loki - Simple IOC and YARA Scanner

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Volatility 3.0 development

Arsenal is just a quick inventory and launcher for hacking programs

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…

Weaponized web shell

Automatic SSRF fuzzer and exploitation tool

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Solutions for various coding/algorithmic problems and many useful resources for learning algorithms and data structures

File upload vulnerability scanner and exploitation tool.

A high performance offensive security tool for reconnaissance and vulnerability scanning

A collection of custom security tools for quick needs.

Tool for Active Directory Certificate Services enumeration and abuse

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.