🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

💀 The former home of Homebrew/homebrew (deprecated)

Guide to securing and improving privacy on macOS

Most advanced XSS scanner.

The Rogue Access Point Framework

Web path scanner

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Some setup scripts for security research tools.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡

Docker hosts and containers monitoring with Prometheus, Grafana, cAdvisor, NodeExporter and AlertManager

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Simple reverse ICMP shell

A curated list of the most common and most interesting robots.txt disallowed directories.

massive SQL injection vulnerability scanner

Self contained htaccess shells and attacks

Scripts I use during pentest engagements.

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

A CLI tool to convert CSV / Excel / HTML / JSON / Jupyter Notebook / LDJSON / LTSV / Markdown / SQLite / SSV / TSV / Google-Sheets to a SQLite database file.

Various Tools and Docker Images

Local UNIX PrivEsc Aggregation

Self contained cross platform DNS recon tool

Various Cheat Sheets related to development and security

Shell script that runs on UNIX systems (tested on Solaris 9, HPUX 11, various Linux distributions, FreeBSD 6.2). It detects misconfigurations that could allow local unprivileged user to escalate to…