Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Fast web fuzzer written in Go

A fast TCP/UDP tunnel over HTTP

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

In-depth attack surface mapping and asset discovery

Directory/File, DNS and VHost busting tool written in Go

Fast passive subdomain enumeration tool.

Go Training Class Material :

Adversary Emulation Framework

A terminal UI for tshark, inspired by Wireshark

Monitor linux processes without root permissions

Modlishka. Reverse Proxy.

An OOB interaction gathering server and client library

a prettier way to inspect network connections

Rockyou for web fuzzing

Take a list of domains and probe for working HTTP and HTTPS servers

Scan for misconfigured S3 buckets across S3-compatible APIs!

Fast website link checker in Go

Adversary tradecraft detection, protection, and hunting

A tool to abuse Exchange services

Venom - A Multi-hop Proxy for Penetration Testers

evilginx3 + gophish

🔪 Leak git repositories from misconfigured websites

一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

A toolkit to attack Office365

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

Statically-linked ssh server with reverse shell functionality for CTFs and such

A unique technique to execute binaries from a password protected zip