
@Gh0stlyKn1ght
Forked from MattKetmo/pwnd.md
Created May 4, 2021 01:44
pwnd

Tools

  • Metasploit: Penetration testing software
  • GhostShell: Undetectable malware with AV bypass techniques, anti-disassembly, etc.
  • BeEF: The Browser Exploitation Framework
  • PTF: Penetration Testers Framework
  • Bettercap: MITM framework
  • Nessus: Vulnerability scanner
  • AutoNessus: Auto Nessus
  • BDFProxy: Patch Binaries via MITM (BackdoorFactory)
  • Xplico: Network Forensic Analysis Tool (e.g. parse pcap files)
  • Sqlmap: Automatic SQL injection and database takeover tool
  • jsql-injection: Java application for automatic SQL database injection
  • HoneyProxy: MITM
  • Gophish: Open-Source Phishing Framework
  • SET: Social-Engineer Toolkit
  • USBRubberDucky: USB Rubber Ducky
  • USB Wifi Ducky: Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
  • WHID: WiFi HID Injector for Fun & Profit - A USB Rubber Ducky on steroids.
  • SimplyEmail: Email recon framework
  • WiFi Pineapple: WiFi Pineapple (MITM)
  • makeMyCSRF: makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
  • Weeman: HTTP Server for phishing
  • PlugBot: The PlugBot: Hardware Botnet Research Project
  • Pwn Phone: Portable pentesting device
  • EmPyre: A post-exploitation OS X/Linux agent written in Python 2.7
  • Mimikatz: A little tool to play with Windows security (videos)
  • Acunetix: Scanner to check for XSS, SQL Injection and other web vulnerabilities
  • Burp Suite: The leading toolkit for web application security testing
  • Burp NoPE Proxy: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
  • ntopng: High-speed web-based traffic analysis
  • nethogs: Linux 'net top' tool
  • jnettop: traffic visualiser
  • Lynis: Security auditing tool for Linux, macOS, and UNIX-based systems
  • Volatility: An advanced memory forensics framework
  • Radare: portable reversing framework
  • Android Fallible: Secrets leak in Android apps
  • XssPy: Web Application XSS Scanner
  • Unicorn: Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
  • changeme: A default credential scanner
  • Mercure: Tool for security managers who want to train their staff against phishing
  • catphish: For phishing and corporate espionage
  • Security Checklist: The SaaS CTO Security Checklist
  • cgPwn: A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
  • pwlist: Password lists obtained from strangers attempting to log in to my server
  • howmanypeoplearearound: Count the number of people around you by monitoring wifi signals
  • xss-listener: XSS Listener is a penetration-testing tool that makes it easy to collect data from various XSS attacks
  • owasp-mstg: The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
  • KeychainCracker: macOS keychain cracking tool
  • Microsploit: Quickly create backdoored Office document exploits using Metasploit modules
  • InjectProc: Process Injection Techniques
  • expdevBadChars: Bad Characters highlighter for exploit development
  • massExpConsole: Collection of Tools and Exploits with a CLI UI
  • getsploit: Command line utility for searching and downloading exploits
  • Findsploit: Find exploits in local and online databases instantly
  • vulscan: Advanced vulnerability scanning with Nmap NSE
  • psychoPATH: a blind webroot file upload & LFI detection tool
  • repo-supervisor: Scan your code for security misconfiguration, search for passwords and secrets
  • xssor: Hack with Javascript (online tool)
  • xray: XRay is a tool for recon, mapping and OSINT gathering from public networks
  • Frida: Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
  • objection: runtime mobile exploration (based on Frida)
  • pwnbox: Docker container with tools for binary reverse engineering and exploitation
  • backdoor-apk: shell script that simplifies the process of adding a backdoor to any Android APK file
  • Attify OS: Distro for pentesting IoT devices
  • Zeus: AWS Auditing & Hardening Tool
  • EvilAbigail: Automated Linux evil maid attack (backdoors initrd)
  • mitm-router: Man-in-the-middle wireless access point inside a docker container
  • Dracnmap: Exploit Network and Gathering Information with Nmap
  • RastLeak: Tool to automatically find leaked information using search-engine hacking
  • pupy: remote administration and post-exploitation tool (python)
  • pwndsh: Post-exploitation framework (bash) (presentation)
  • kwetza: Python script to inject existing Android applications with a Meterpreter payload
  • zmap: ZMap Internet Scanner
  • zgrab: Application layer scanner that operates with ZMap
  • OpenVAS: The world's most advanced Open Source vulnerability scanner and manager
  • Vulny-Code-Static-Analysis: Basic script to detect vulnerabilities in PHP source code
  • knockpy: Knock Subdomain Scan
  • BoopSuite: A Suite of Tools written in Python for wireless auditing and security testing (demo)
  • DataSploit: An OSINT Framework to perform various recon techniques
  • domain_analyzer: Analyze the security of any domain by finding all the information possible
  • Luckystrike: A PowerShell based utility for the creation of malicious Office macro documents (demo)
  • sqlcheck: Automatically identify anti-patterns in SQL queries
  • SSRF Testing: https://github.com/cujanovic/SSRF-Testing/
  • XFLTReaT: Tunnelling Framework (kitploit)
  • rudra: Framework for exhaustive analysis of (PCAP and PE) files
  • PenBox: Penetration Testing Framework - The Tool With All The Tools, The Hacker's Repo (website)
  • post-exploitation: Post Exploitation Collection
  • p0wnedShell: PowerShell Runspace Post Exploitation Toolkit
  • sshpry: Seamlessly spy on SSH session like it is your tty
  • cameradar: Cameradar hacks its way into RTSP CCTV cameras
  • DET: Data Exfiltration Toolkit
  • AhMyth-Android-RAT: Android Remote Administration Tool
  • cve-search: tool to perform local searches for known vulnerabilities
  • kernelpop: kernel privilege escalation enumeration and exploitation framework (kitsploit.com)
  • subjack: Hostile Subdomain Takeover tool (blog)
  • nmap-vulners: NSE script based on Vulners.com API
  • recon-ng: full-featured Web Reconnaissance framework
  • InSpy: A LinkedIn enumeration tool
  • routersploit: The Router Exploitation Framework
  • Zeus-Scanner: Advanced reconnaissance utility
  • btlejuice: BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
  • censys-subdomain-finder: Perform subdomain enumeration using the certificate transparency logs from Censys
  • Striker: Striker is an offensive information and vulnerability scanner
  • ezsploit: Linux bash script automation for metasploit
  • ctfr: Abusing Certificate Transparency logs to get the subdomains of HTTPS websites.
  • autosploit: Automated mass exploitation of remote hosts using Shodan and Metasploit
  • evilgrade: take advantage of poor upgrade implementations by injecting fake updates
  • crt.sh: Certificate Search (e.g. %.cambridgeanalytica.org)
  • usbdetective: application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
  • Galileo: Web Application Audit Framework
  • XSStrike: XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator
  • emkei.cz: Free online fake mailer with attachments, encryption, HTML editor and advanced settings…
  • probequest: Toolkit for Playing with Wi-Fi Probe Requests
  • wifite2: Rewrite of the popular wireless network auditor, "wifite", for auditing wireless networks
  • Diggy: Extract endpoints from apk files
  • pyfiscan: Free web-application vulnerability and version scanner
  • sandmap: tool supporting network and system reconnaissance using the massive Nmap engine
  • gitrob: Reconnaissance tool for GitHub organizations
  • evilginx2: mitm attack framework used for phishing login credentials
  • Modlishka: Reverse Proxy. Phishing NG
  • trape: People tracker on the Internet: OSINT analysis and research tool
  • HiddenEye: Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services
  • assetfinder: Find domains and subdomains related to a given domain
  • waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain

Use cases

Devices

Wifi

  • bully-vanilla: Bully is a new implementation of the WPS brute force attack
  • boxon: Detector for boxes vulnerable to the NULL PIN flaw (topic)
  • NullWpsPinAuto: Simple bash script intended to exploit the null WPS PIN flaw automatically

Blog / Docs

Training

Misc

Other lists
