CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Drone pentesting framework console

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Enumerate a target Based off of Nmap Results

Some random tools I use for penetration testing

A tool for recovering server credentials from a pgadmin4 database

All In One, Fast, Easy Recon Tool

This tool allows you to run programs as another user from the Windows command line. Example usage is if you have a low privilege shell and find credentials for another user. You can then execute a program as that other user.

Tools for bug hunting in a container

Password brute-forcing tool built upon Python 3.7 and 'webbot' library.

Simple python script for Information Gathering.

Web server directory and file fuzzer

Ansible Playbooks for adding additional packages/frameworks to Kali Linux

Docker recipes for infosec tools. 🔒 🐳 👨‍🍳

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Current parsers to help convert some popular pentest tools to CSV onevault file formats.

sslscan inside docker

Some interesting list of "awesome list" repos related to cyber security and pentest.

A shell script to comfortably access a Kali Linux instance from the command line