Penetration Testing

Nord StreamPython

A tool for extracting secrets from CI/CD environments by deploying malicious pipelines, supporting Azure DevOps, GitHub, and GitLab.

Scapy

A curated list of tools, add-ons, articles, and exploits built with the Scapy packet manipulation library.

libformatstrPython

A Python library for generating format string exploitation payloads in binary exploitation and CTF challenges.

Sticky Keys SlayerShell

A security tool that scans for Windows accessibility tools backdoors via automated RDP sessions.

known_hosts-hashcatPython

A tool and guide for cracking hashed SSH known_hosts files using hashcat to recover IP addresses.

GraphCrawler - The all-in-one GraphQL Security toolkitPython

An automated security testing toolkit for GraphQL endpoints that discovers, analyzes, and scores vulnerabilities.

SNMP-BrutePython

A fast SNMP brute force, enumeration, and Cisco config downloader with password cracking capabilities.

DVCS-PillageShell

A toolkit to extract code, configs, and information from web-accessible git, hg, and bzr repositories that aren't fully cloneable.

WebHashCatJavaScript

A web interface for Hashcat that enables distributed password cracking sessions across multiple servers with real-time results.

ADOKitC#

A modular attack toolkit for Azure DevOps Services that leverages the REST API for reconnaissance, privilege escalation, and persistence.

Awesome WebSocket Security

A curated collection of CVEs, research, tools, and resources for WebSocket security testing and vulnerability research.

WHADPython

A Python framework and CLI toolkit for exploring, hacking, and developing tools for wireless protocols using compatible hardware.

hatPython

An automated Hashcat wrapper that speeds up hash cracking during security engagements with pre-configured wordlists and rules.

packemonGo

A cross-platform TUI tool for generating arbitrary network packets and monitoring traffic on any interface.

EzuriGo

A simple Linux ELF runtime crypter that encrypts and loads executables directly into memory to evade detection.

AutoTTPPython

A framework for automating offensive security testing by scripting security tool APIs like Empire and Metasploit.

JoomlaScanPython

A free and open-source scanner that identifies installed components, extensions, and files in Joomla CMS websites.

FingerprinterRuby

A Ruby script that fingerprints remote applications and third-party scripts to identify their versions for security assessment.

InsecureshopKotlin

An intentionally vulnerable Android shopping app built in Kotlin for security education and penetration testing practice.

Reverse-Shell-ManagerPython

A terminal-based manager for handling multiple reverse shell sessions and clients during penetration testing.

fenrirPython

A penetration testing tool that bypasses wired 802.1x network protection to gain access to target networks.

Escape Graphinder - GraphQL Subdomain EnumerationPython

A tool that extracts all GraphQL endpoints from a given domain using subdomain enumeration, script analysis, and brute force.

PETEPJava

An open-source Java proxy for penetration testing, enabling traffic analysis and modification of TCP/UDP application protocols.

h2spacexPython

A low-level Python library for HTTP/2 single packet attacks and timing attacks using Scapy.

padding-oracle-attackerTypeScript

A CLI tool and library for executing padding oracle attacks with concurrent network requests and an elegant UI.

ChironPython

An IPv6 security assessment framework with advanced IPv6 Extension Headers manipulation capabilities for penetration testing and evasion.

Android Framework for ExploitationPython

A framework for exploiting Android devices and applications for security testing and vulnerability assessment.

Smoke Leet EverydayPython

A curated collection of Capture The Flag (CTF) competition writeups for cybersecurity learning and practice.

statsprocessorC

A word generator using per-position Markov chains for password cracking and dictionary generation.

JKS private key crackerJava

Crack passwords of private key entries in Java Key Store (JKS) files using a GPU-accelerated hashcat implementation.

IoTGoatC

A deliberately insecure OpenWrt-based firmware designed to teach IoT security testing through hands-on vulnerability challenges.

GSDFPython

A Python tool that queries Google's SSL transparency report to discover subdomains and identify expired certificates.

routopsyPython

A security toolkit for attacking dynamic routing and first-hop redundancy protocols using weaponized virtual routers.

fitcrackC

A BOINC-based distributed password cracking system powered by hashcat, enabling recovery of passwords from encrypted media and hashes across GPU-equipped nodes.

TTPassGenPython

A flexible and scriptable Python-based password dictionary generator supporting brute-force, combination, and complex rule modes.

CVE-2016-6366Python

An improved exploit implementation for CVE-2016-6366 (EXTRABACON) targeting Cisco ASA devices with extended version support.