carboncrystal Goto Github PK

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

payloads

Git All the Payloads! A collection of web attack payloads.

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pdfminer.six

Community maintained fork of pdfminer - we fathom PDF

pentest-wiki

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

pet

Simple command-line snippet manager, written in Go.

php_filter_chain_generator

poc-cve-2021-44521

full PoC of CVE-2021-44521

public-pentesting-reports

Curated list of public penetration test reports released by several consulting firms and academic security groups

python-masscan

python-masscan is a python library which helps in using masscan port scanner.

ransim

Ransomware simulator

rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

scoutsuite

Multi-Cloud Security Auditing Tool

scripts

Scripts I use during pentest engagements.

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

security-cheatsheets

🔒 A collection of cheatsheets for various infosec tools and topics.

shodan-dorks

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

shodanapi-py

Shodan Basic Query Results Script for Massive Attacks with Nuclei or Other Automated Exploitation Tool

shosubgo

Small tool to Grab subdomains using Shodan api.

silver

Mass scan IPs for vulnerable services

sqlmap

Automatic SQL injection and database takeover tool

sqlmate

A friend of SQLmap which will do what you always expected from SQLmap.

sshprank

A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan and shodan module.

stormspotter

Azure Red Team tool for graphing Azure and Azure Active Directory objects

subdomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

subfinder

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

sublist3r

Fast subdomains enumeration tool for penetration testers

svg-cheatsheet

A cheatsheet for exploiting server-side SVG processors.

sy3omda-burp-bounty

Burp Bounty profiles

tidos-framework

The Offensive Manual Web Application Penetration Testing Framework.