Metasploit Framework

Classy web-development dressed in a DSL (official / canonical repo)

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

A static analysis security vulnerability scanner for Ruby on Rails applications

Next generation web scanner

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

Web Application Security Scanner Framework

InSpec: Auditing and Testing Framework

Authorization service and frontend for Docker registry (v2)

Web CTF CheatSheet 🐈

Patch-level verification for Bundler

Checklist of security precautions for Ruby on Rails applications.

Configuration files for the SOF-ELK VM

Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.

A curated list of podcasts we like to listen to.

Username tools for penetration testing

Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar.

Open-source crypto currency exchange software (https://openware.com)

A Ruby framework designed to aid in the penetration testing of WordPress systems.

一个主要用于信息搜集的工具集，主要是用于对网站子域名、开放端口、端口指纹、c段地址、敏感目录等信息进行批量搜集。

SQL Vulnerability Scanner

PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)

Advisories, proof of concept files and exploits that have been made public by @pedrib.

DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)

A small tool that extracts relative URLs from a file.

Pattern recognition for hosts, services, and content

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

A script to enumerate virtual hosts on a server.