HTTPUploadExfil – A Simple HTTP Server For Exfiltrating Files/Data During, For Example, CTFs
HTTPUploadExfil is a (very) simple HTTP server written in Go that's useful for getting files (and other information) off a...
tools
DonPAPI – Dumping DPAPI Credz Remotely
Dumping revelant information on compromised targets without AV detection DPAPI dumpingLots of credentials are protected by DPAPI. We aim at...
Clash – A Rule-Based Tunnel In Go
Download Clash If you like the site, please consider joining the telegram channel or supporting us on Patreon using the...
Lorsrf – SSRF Parameter Bruteforce
Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST MethodsNOTELorsrf has been added to scant3r with useful...
Keeweb – Free Cross-Platform Password Manager Compatible With KeePass
This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional...
Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools...
VECTR – A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation can be found here: DocumentationFeature Breakdowns By ReleaseVECTR v7.1.1 Feature BreakdownTeamLEAD PROGRAMMERS:Carl VonderheidGalen FisherDaniel HongPROGRAMMERS:Andrew ScottPatrick HislopDan GuzekZara...
ThreadStackSpoofer – PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode’S Memory Allocation From Scanners And Analysts
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based...
Terra – OSINT Tool On Twitter And Instagram
OSINT Tool On Twitter And Instagram. Basic Usage:~/terra$ python3 terra.py <username of target> help : -j for saving results in a...
SysFlow – Cloud-native System Telemetry Pipeline
This repository hosts the documentation and issue tracker for all SysFlow projects.Quick referenceDocumentation:the SysFlow DocumentationWhere to get help:the SysFlow Community...
SubCrawl – A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP
SubCrawl is a framework developed by However, if this UI is not sufficient for the subsequent evaluation of the data,...
PortBender – TCP Port Redirection Utility
PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one...
PEASS-ng – Privilege Escalation Awesome Scripts SUITE new generation
Basic TutorialHere you will find privilege escalation tools for Windows and Linux/Unix* and MacOS.These tools search for possible local privilege...
NTFSTool – Forensics Tool For NTFS (Parser, MTF, Bitlocker, Deleted Files)
NTFSTool is a forensic tool focused on NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also...
Metabadger – Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)
Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).MetabadgerPurpose and functionalityDiagnose...
Limelighter – A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones
A tool which creates a spoof code signing to sign a file with a valid code signing certificate use the...
LazyCSRF – A More Useful CSRF PoC Generator
LazyCSRF is a more useful CSRF PoC InstallationDownload the jar from LICENSEMIT LicenseCopyright (C) 2021 tkmruDownload lazyCSRF If you like...
Karma_V2 – A Passive Open Source Intelligence (OSINT) Automated Reconnaissance (Framework)
𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 is a Passive Open Source MODEsMODEExamples-ip bash karma_v2 -d <DOMAIN.TLD> -l <INTEGER> -ip-asn bash karma_v2 -d <DOMAIN.TLD> -l...
Inceptor – Template-Driven AV/EDR Evasion Framework
Modern Penetration testing and Red Teaming often requires to bypass common AV/EDR appliances in order to execute code on a...
ImpulsiveDLLHijack – C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries
C# based tool which automates the process of discovering and 4. Examples:Target Executable: OneDrive.exeStage: DiscoveryStage: ExploitationSuccessful DLL Hijacks: Unsuccessful DLL Hijacks: DLL...
Fapro – Free, Cross-platform, Single-file mass network protocol server simulator
FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services.The goal is to support as...
DorkScout – Golang Tool To Automate Google Dork Scan Against The Entiere Internet Or Specific Targets
dokrscout is a tool to automate the finding of Install wordliststo start scanning you'll need some dork lists and to...
Domain-Protect – Protect Against Subdomain Takeover
Protect Against Subdomain Takeoverscans Amazon Route53 across an AWS Organization for domain records vulnerable to takeovervulnerable domains in Google Cloud...
Packet-Sniffer – A pure-Python Network Packet Sniffing Tool
A simple pure-Python network packet sniffer. Packets are disassembled as they arrive at a given network interface controller and their...
