An experimental high-performance DNS query bruteforce tool built with AF_XDP for extremely fast and accurate bulk DNS lookups.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

dnsprober is a fast and multipurpose DNS reconnaissance tool designed for efficient DNS probing and enumeration. It supports multiple DNS queries, custom resolvers, wildcard filtering, and retryabl…

Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 3, Mistral Small 3.1 and other large language models.

A fast and memory-efficient golang tool for deduplicating URLs.

Adversary Emulation Framework

CSbyGB PenTips Gitbook

Quickly discover exposed hosts on the internet using multiple search engines.

A little tool to play with Windows security

Obtain GraphQL API schema even if the introspection is disabled

GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

Scanning APK file for URIs, endpoints & secrets.

ShodanX is a tool to gather information of targets using shodan dorks⚡.

SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.

A library for detecting known secrets across many web frameworks

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Extract URLs, paths, secrets, and other interesting bits from JavaScript

The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cl…

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

hydra

Rockyou for web fuzzing

Fast and configurable TLS grabber focused on TLS based data collection.

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Privilege Escalation Enumeration Script for Windows

OSCP Cheatsheet by Sai Sathvik

OSCP Cheat Sheet