Ffuf - Fuzz Faster U Fool is a great tool used for fuzzing. It has become really popular lately with bug bounty hunters. Ffuf is used for fuzzing Get and Post data but can also be used for finding hidden

Nmap Automator is a great tool for initial port scans of a given ip address. It automates the scan techniques which I use on each host, I selected it over any other similar tool since it avoids unnecessary

Turbolist3r is a subdomain enumeration tool which can identify subdomain takeovers. It is heavily based on sublist3r: Installation and usage git clone cd Turbolist3r/ pip3 install -r requirements.txt There

Web Screenshot - webscreenshot.py is a great tool which comes in handy when a penetration tester needs to quickly identify potential vulnerabilities on a massive website. Installation and usage The

Final Recon is a useful tool for gathering data about a target from open source resources, the tool is written in Python3. Installation steps It is really easy to install the tool from the official github

Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python 3. It is really simple and the code can be analysed and used for learning.

BoomER is a Command-line interface python open-source framework fully developed in Python 3.X for post-exploitation of targets with the objective to exploit local vulnerabilities on the big three OS's

4CAN V2 is a Raspberry Pi project created by the Cisco team in order to test the security of cars via the 4CAN bus, it can also send random payloads to automate this process. Background In the last decade,

Salsa-tools is a collection of three tools programmed with C# used to take over a windows machine and bypass AV and get a reverse shell without the need for PowerShell on the victim machine. Salsa-Tools

Aquatone is a tool programmed by go-lang to inspect domains/check their status and also provide screenshots of the hosts it supports with numerous hosts at the same time. Installation 1 - Cloning the

Malware showcase is a Github repository that contains examples of malware usage and behavior, this repo should be used only for educational purposes or for experts who wish to expand on the usage for red

Malware showcase is a Github repository that contains examples of malware usage and behavior, this repo should be used only for educational purposes or for experts who wish to expand on the usage for red

DumpsterFire is an open-source tool made by blue team member to edit create and control dumpster payloads in order to create surface attacks and also facilitate the blue team process, its main purpose

CMSeek is an open-source tool that analyzes the regex of websites in order to detect flaws and content management system used like Joomla, Wordpress, Magento, etc ... Installation git clone cd CMSeek/

SniffAir is an open source tool made for sophisticated wireless attacks and data capture, it handle all types of pcap files and analyze traffic through the network interface whilst looking for potential

Definition Whatweb is web scanner written in Ruby to identify and recognise technologies used by a website including CMS, blogging platforms, statistic/analytics packages, Javascript libraries and much

Wifi Pumpkin is a security audit framework used to test the security of wifi against threats like man in the middle attacks. The tool also can create rogue Wi-Fi access points to hack WiFi via deauth attacks

TheFatRat is an easy to use tool which helps in generating backdoors, system exploitation, post exploitation attacks, browser attacks, DLL files, FUD payloads against Linux, Mac OS X, Windows, and Android.

BeRoot is a post-exploitation tool to check for common misconfigurations which can allow an attacker to escalate their privileges. The main goal of BeRoot is to print only the information that has been

Cloakify Factory is a tool to transforms any file type into a list of harmless and even useless looking strings. This ability allows for you to hide a data file in plain sight and also transfer it over