smileronin Goto Github PK

hoaxshell

UNDETECTED Windows PS reverse shell, by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.

infosec_reference

Information Security Reference That Doesn't Suck

labs

Vulnerability Labs for security analysis

linux-kernel-exploits

linux-kernel-exploits Linux平台提权漏洞集合

macos-kernel-exploits

macos-kernel-exploits MacOS平台提权漏洞集合 https://www.sec-wiki.com

metasploit-framework

Metasploit Framework

mobile-security-framework-mobsf

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

mobile-security-wiki

mobileapp-pentest-cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

ms17-010

MS17-010

mywebappscripts

A collection of all the lists, scripts and techniques I use while doing web application penetration tests.

netripper

NetRipper - Smart traffic sniffing for penetration testers

office-exploits

office-exploits Office漏洞集合 https://www.sec-wiki.com

oscp

owasp-fstm

The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, and Information Security professionals with conducting firmware security assessments.

owasp-testing-checklist

OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.

panhunt

PANhunt searches for credit card numbers (PANs) in directories.

payloads

Git All the Payloads! A collection of web attack payloads.

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pentesting_tools

For educational purposes only, use at your own responsibility. metasploit_rc_scripts - contains either sample rc files for explatation or perls to generate such. nmap_scans - is for some ready to use nmap scannings. other_scans - scripts that can be used for scanning if nothing else is availible. post - is for post exploatation. shellshock - is a script to get use of the shellshock vulnarability. tools - are other tools. If any questions please ask at [email protected]

portia

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

public-pentesting-reports

Curated list of public penetration test reports released by several consulting firms and academic security groups

pwnwiki.github.io

PwnWiki - The notes section of the pentesters mind.

red-team-infrastructure-wiki

Wiki to collect Red Team infrastructure hardening resources

resource-list

GitHub Project Resource List

snitch

information gathering via dorks

spiderfoot

SpiderFoot, the open source footprinting and intelligence-gathering tool.

ssrf-testing

SSRF (Server Side Request Forgery) testing resources

ssrfmap

Automatic SSRF fuzzer and exploitation tool

taktikselbughunting

Taktiksel Bug Hunting Yöntemleri