mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

created at Feb. 16, 2010, 4:10 a.m.

624 +0

36,847 +91

4,041 +6

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

created at June 26, 2012, 9:52 a.m.

1,092 +1

32,589 +78

5,725 +10

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

104 +0

2,221 +8

440 +1

weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

132 +1

3,200 +10

605 +2

wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

167 +0

5,968 +13

1,385 +0

plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

created at March 9, 2015, 9:16 p.m.

149 +0

3,047 +0

277 +0

Some-PoC-oR-ExP by coffeehb

各种漏洞poc、Exp的收集或编写

created at March 13, 2015, 3:31 p.m.

154 +0

2,384 +2

972 +0

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

created at March 20, 2015, 8:38 a.m.

158 +0

4,611 +13

818 +2

subDomainsBrute by lijiejie

A fast sub domain brute tool for pentesters

created at April 1, 2015, 7:22 a.m.

116 +0

3,488 +2

1,010 +0

Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

created at Dec. 15, 2015, 12:55 a.m.

231 +0

9,880 +18

2,104 -2

a2sv by hahwul

Auto Scanning to SSL Vulnerability

created at Jan. 25, 2016, 7:15 a.m.

46 +0

627 +1

169 +0

JoomlaScan by drego85

A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

created at Feb. 11, 2016, 9:28 p.m.

20 +0

215 +0

68 -1

pwngitmanager by allyshka

Git manager for pentesters

created at Feb. 25, 2016, 6:14 a.m.

6 +0

107 +0

22 +0

GitMiner by UnkL4b

Tool for advanced mining for content on Github

created at Feb. 27, 2016, 12:30 p.m.

108 +0

2,092 +2

426 +0

VWGen by qazbnm456

Vulnerable Web applications Generator

created at April 12, 2016, 4:06 p.m.

7 +0

84 +0

18 +0

charsetinspect by hack-all-the-things

A script that inspects multi-byte character sets looking for characters with specific user-defined properties

created at June 23, 2016, 3:09 p.m.

3 +0

26 +0

7 +0

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

created at July 6, 2016, 8:33 p.m.

83 +1

3,794 +9

671 +1

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

created at Aug. 24, 2016, 3:12 p.m.

130 +0

10,847 +39

1,543 +3

aws_pwn by dagrz

A collection of AWS penetration testing junk

created at Oct. 18, 2016, 3:14 a.m.

52 +0

1,173 +0

194 +0

GSDF by We5ter

A domain searcher named GoogleSSLdomainFinder - 基于谷歌SSL透明证书的子域名查询工具

created at Dec. 19, 2016, 4:58 p.m.

7 +0

175 +0

57 +0