Metasploit Framework

A curated list of engineering blogs

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Next generation web scanner

The ultimate WinRM shell for hacking/pentesting

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.

Web Application Security Scanner Framework

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

CeWL is a Custom Word List Generator

Efficient and advanced man in the middle framework

Mars(战神)——资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

📚 The Open Source Discovery Service

A Ruby framework designed to aid in the penetration testing of WordPress systems.

一个主要用于信息搜集的工具集，主要是用于对网站子域名、开放端口、端口指纹、c段地址、敏感目录等信息进行批量搜集。

各种安全大会PPT PDF

PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)

A small tool that extracts relative URLs from a file.

Pattern recognition for hosts, services, and content

Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs

A script to enumerate virtual hosts on a server.

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

A list of cloud ranges from different providers.

fofa website

BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.

Metasploit modules that didn't make it into trunk for some reason or the other

Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)

Shell say no to NIDS

CVE-2020-8163 - Remote code execution of user-provided local names in Rails