Various Tools and Docker Images

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

Docker hosts and containers monitoring with Prometheus, Grafana, cAdvisor, NodeExporter and AlertManager

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Some setup scripts for security research tools.

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Most advanced XSS scanner.

Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡

Web path scanner

A repository with various tutorials on how to do things in Pentesting, setup environments and other things

massive SQL injection vulnerability scanner

A CLI tool to convert CSV / Excel / HTML / JSON / Jupyter Notebook / LDJSON / LTSV / Markdown / SQLite / SSV / TSV / Google-Sheets to a SQLite database file.

Self contained htaccess shells and attacks

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

The Rogue Access Point Framework

Scripts I use during pentest engagements.

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Shell command, that expose any other command as http. To expose top as http, try : ashttp -p8080 top ; then try http://localhost/8080 and hit F5 to refresh your top :)

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

Simple reverse ICMP shell

Shell script that runs on UNIX systems (tested on Solaris 9, HPUX 11, various Linux distributions, FreeBSD 6.2). It detects misconfigurations that could allow local unprivileged user to escalate to…

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

A curated list of the most common and most interesting robots.txt disallowed directories.

Guide to securing and improving privacy on macOS

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

Self contained cross platform DNS recon tool

Local UNIX PrivEsc Aggregation